svn rev #21791: branches/mkey_migrate/src/ include/ kadmin/cli/ kadmin/server/ ...
wfiveash@MIT.EDU
wfiveash at MIT.EDU
Fri Jan 23 14:57:16 EST 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=21791
Commit By: wfiveash
Log Message:
Merge with head of trunk. Pulled in Ken's fix for db2 hash bug on
filesystems whose record size is > 64K. All make check tests pass on my
Solaris test system using ZFS with recordsize=128K.
Changed Files:
U branches/mkey_migrate/src/include/k5-buf.h
U branches/mkey_migrate/src/kadmin/cli/kadmin.c
U branches/mkey_migrate/src/kadmin/server/schpw.c
U branches/mkey_migrate/src/kdc/network.c
U branches/mkey_migrate/src/lib/crypto/aead.h
U branches/mkey_migrate/src/lib/crypto/arcfour/deps
U branches/mkey_migrate/src/lib/crypto/cksumtypes.h
U branches/mkey_migrate/src/lib/crypto/deps
U branches/mkey_migrate/src/lib/crypto/des/deps
U branches/mkey_migrate/src/lib/crypto/dk/deps
U branches/mkey_migrate/src/lib/crypto/enc_provider/deps
U branches/mkey_migrate/src/lib/crypto/keyhash_provider/deps
U branches/mkey_migrate/src/lib/crypto/keyhash_provider/md5_hmac.c
U branches/mkey_migrate/src/lib/crypto/raw/deps
U branches/mkey_migrate/src/lib/gssapi/generic/gssapiP_generic.h
U branches/mkey_migrate/src/lib/gssapi/generic/gssapi_generic.c
U branches/mkey_migrate/src/lib/gssapi/generic/gssapi_generic.h
U branches/mkey_migrate/src/lib/gssapi/generic/util_canonhost.c
U branches/mkey_migrate/src/lib/gssapi/generic/util_localhost.c
U branches/mkey_migrate/src/lib/gssapi/generic/util_token.c
U branches/mkey_migrate/src/lib/gssapi/krb5/accept_sec_context.c
U branches/mkey_migrate/src/lib/gssapi/krb5/acquire_cred.c
U branches/mkey_migrate/src/lib/gssapi/krb5/copy_ccache.c
U branches/mkey_migrate/src/lib/gssapi/krb5/delete_sec_context.c
U branches/mkey_migrate/src/lib/gssapi/krb5/get_tkt_flags.c
U branches/mkey_migrate/src/lib/gssapi/krb5/gssapiP_krb5.h
U branches/mkey_migrate/src/lib/gssapi/krb5/gssapi_krb5.c
U branches/mkey_migrate/src/lib/gssapi/krb5/gssapi_krb5.hin
U branches/mkey_migrate/src/lib/gssapi/krb5/init_sec_context.c
U branches/mkey_migrate/src/lib/gssapi/krb5/inq_context.c
U branches/mkey_migrate/src/lib/gssapi/krb5/k5seal.c
U branches/mkey_migrate/src/lib/gssapi/krb5/k5sealiov.c
U branches/mkey_migrate/src/lib/gssapi/krb5/k5sealv3.c
U branches/mkey_migrate/src/lib/gssapi/krb5/k5sealv3iov.c
U branches/mkey_migrate/src/lib/gssapi/krb5/k5unseal.c
U branches/mkey_migrate/src/lib/gssapi/krb5/k5unsealiov.c
U branches/mkey_migrate/src/lib/gssapi/krb5/krb5_gss_glue.c
U branches/mkey_migrate/src/lib/gssapi/krb5/lucid_context.c
U branches/mkey_migrate/src/lib/gssapi/krb5/seal.c
U branches/mkey_migrate/src/lib/gssapi/krb5/ser_sctx.c
U branches/mkey_migrate/src/lib/gssapi/krb5/set_ccache.c
U branches/mkey_migrate/src/lib/gssapi/krb5/sign.c
U branches/mkey_migrate/src/lib/gssapi/krb5/unseal.c
U branches/mkey_migrate/src/lib/gssapi/krb5/util_cksum.c
U branches/mkey_migrate/src/lib/gssapi/krb5/util_crypt.c
U branches/mkey_migrate/src/lib/gssapi/krb5/util_seed.c
U branches/mkey_migrate/src/lib/gssapi/krb5/util_seqnum.c
U branches/mkey_migrate/src/lib/gssapi/krb5/verify.c
U branches/mkey_migrate/src/lib/gssapi/krb5/wrap_size_limit.c
U branches/mkey_migrate/src/lib/gssapi/mechglue/g_initialize.c
U branches/mkey_migrate/src/lib/kadm5/srv/svr_iters.c
U branches/mkey_migrate/src/lib/kadm5/srv/svr_principal.c
U branches/mkey_migrate/src/lib/kdb/kdb5.c
U branches/mkey_migrate/src/lib/krb5/asn.1/asn1_decode.c
U branches/mkey_migrate/src/lib/krb5/asn.1/asn1_decode.h
U branches/mkey_migrate/src/lib/krb5/asn.1/asn1_encode.c
U branches/mkey_migrate/src/lib/krb5/asn.1/asn1_encode.h
U branches/mkey_migrate/src/lib/krb5/asn.1/asn1_k_decode.c
U branches/mkey_migrate/src/lib/krb5/asn.1/asn1_k_decode.h
U branches/mkey_migrate/src/lib/krb5/asn.1/asn1_k_encode.c
U branches/mkey_migrate/src/lib/krb5/asn.1/asn1buf.c
U branches/mkey_migrate/src/lib/krb5/asn.1/krb5_decode.c
U branches/mkey_migrate/src/lib/krb5/asn.1/krbasn1.h
U branches/mkey_migrate/src/lib/krb5/krb/get_in_tkt.c
U branches/mkey_migrate/src/lib/krb5/krb/pac.c
U branches/mkey_migrate/src/lib/krb5/krb/parse.c
U branches/mkey_migrate/src/lib/krb5/os/read_msg.c
U branches/mkey_migrate/src/lib/krb5/rcache/rc_dfl.c
U branches/mkey_migrate/src/lib/krb5/rcache/rc_io.c
U branches/mkey_migrate/src/lib/krb5/rcache/rcdef.c
U branches/mkey_migrate/src/lib/krb5/rcache/t_replay.c
U branches/mkey_migrate/src/lib/rpc/xdr.c
U branches/mkey_migrate/src/plugins/kdb/db2/libdb2/hash/hash.c
U branches/mkey_migrate/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
U branches/mkey_migrate/src/util/support/k5buf-int.h
U branches/mkey_migrate/src/util/support/k5buf.c
U branches/mkey_migrate/src/util/support/t_k5buf.c
Modified: branches/mkey_migrate/src/include/k5-buf.h
===================================================================
--- branches/mkey_migrate/src/include/k5-buf.h 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/include/k5-buf.h 2009-01-23 19:57:08 UTC (rev 21791)
@@ -9,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -17,14 +17,14 @@
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
+ * permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
*
+ *
* k5buf string buffer module interface
*/
Modified: branches/mkey_migrate/src/kadmin/cli/kadmin.c
===================================================================
--- branches/mkey_migrate/src/kadmin/cli/kadmin.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/kadmin/cli/kadmin.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -1486,7 +1486,7 @@
retval = krb5_unparse_name(context, dprinc.principal, &canon);
if (retval) {
com_err("get_principal", retval, "while canonicalizing principal");
- krb5_free_principal(context, princ);
+ kadm5_free_principal_ent(handle, &dprinc);
return;
}
retval = krb5_unparse_name(context, dprinc.mod_name, &modcanon);
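Review bot: The `krb5_unparse_name(context, dprinc.mod_name, &modcanon)` call on the hunk's last line has its failure branch outside the hunk, and at that point both `dprinc` and `canon` are live. If that branch also returns directly, it needs `kadm5_free_principal_ent(handle, &dprinc);` and `krb5_free_unparsed_name(context, canon);` before the `return`. A single cleanup label at the end of the function would stop these hand-written error paths from drifting apart again. The enclosing function starts and ends outside the hunk.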
Modified: branches/mkey_migrate/src/kadmin/server/schpw.c
===================================================================
--- branches/mkey_migrate/src/kadmin/server/schpw.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/kadmin/server/schpw.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -39,6 +39,7 @@
int numresult;
char strresult[1024];
char *clientstr = NULL, *targetstr = NULL;
+ const char *errmsg = NULL;
size_t clen;
char *cdots;
struct sockaddr_storage ss;
@@ -244,6 +245,8 @@
ret = schpw_util_wrapper(server_handle, client, target,
(ticket->enc_part2->flags & TKT_FLG_INITIAL) != 0,
ptr, NULL, strresult, sizeof(strresult));
+ if (ret)
+ errmsg = krb5_get_error_message(context, ret);
/* zap the password */
memset(clear.data, 0, clear.length);
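Review bot: The new `errmsg = krb5_get_error_message(context, ret);` is placed directly after `schpw_util_wrapper`, presumably so that later calls on the same context cannot replace the saved message, but nothing at the call site says so. A comment such as `/* Fetch the text now; later krb5 calls may overwrite the context's saved message for ret. */` would keep the ordering from being undone in a later cleanup. The string is then owned by this function until the `krb5_free_error_message` added in the file's last hunk, so any direct `return` between here and that cleanup would leak it. Separately, the unchanged `memset(clear.data, 0, clear.length)` below clears the cleartext password with a plain store. Whether a compiler may drop it depends on how the buffer is used afterwards, which is outside the hunk.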
@@ -307,12 +310,12 @@
addrbuf,
(int) clen, clientstr, cdots,
(int) tlen, targetp, tdots,
- ret ? krb5_get_error_message (context, ret) : "success");
+ errmsg ? errmsg : "success");
} else {
krb5_klog_syslog(LOG_NOTICE, "chpw request from %s for %.*s%s: %s",
addrbuf,
(int) clen, clientstr, cdots,
- ret ? krb5_get_error_message (context, ret) : "success");
+ errmsg ? errmsg : "success");
}
switch (ret) {
case KADM5_AUTH_CHANGEPW:
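Review bot: Both `krb5_klog_syslog` calls now log `"success"` whenever `errmsg` is NULL, while the `switch (ret)` directly below still branches on `ret`. The audit line and the reply can therefore disagree if `ret` becomes non-zero by any route other than the `schpw_util_wrapper` call where `errmsg` is captured. The code between the capture and these calls is outside the hunk, so this may not be reachable today. For a password-change audit record it is still worth keying the text on `ret`, for example `ret ? (errmsg ? errmsg : "unknown error") : "success"` (fallback string constructed for illustration).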
@@ -467,6 +470,8 @@
krb5_free_unparsed_name(context, targetstr);
if (clientstr)
krb5_free_unparsed_name(context, clientstr);
+ if (errmsg)
+ krb5_free_error_message(context, errmsg);
return(ret);
}
Modified: branches/mkey_migrate/src/kdc/network.c
===================================================================
--- branches/mkey_migrate/src/kdc/network.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/kdc/network.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -1163,6 +1163,7 @@
krb5_error_code retval;
krb5_data *scratch;
+ *out = NULL;
memset(&errpkt, 0, sizeof(errpkt));
retval = krb5_us_timeofday(kdc_context, &errpkt.stime, &errpkt.susec);
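Review bot: `*out = NULL;` establishes that the output pointer is NULL on every failure return, but the hunk carries no comment stating that contract, and `out` itself is dereferenced without a check. A one-line comment such as `/* Never leave *out uninitialized: callers may inspect or free it on error. */` would record the reason (whether callers actually do so is not visible here). If `out` can ever be NULL, the assignment needs a guard. The function's signature and its return paths are outside the hunk.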
Modified: branches/mkey_migrate/src/lib/crypto/aead.h
===================================================================
--- branches/mkey_migrate/src/lib/crypto/aead.h 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/crypto/aead.h 2009-01-23 19:57:08 UTC (rev 21791)
@@ -1,7 +1,7 @@
/*
* lib/crypto/aead.h
*
- * Copyright 2008 by the Massachusetts Institute of Technology.
+ * Copyright 2008, 2009 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -25,6 +25,7 @@
*/
#include "k5-int.h"
+#include "cksumtypes.h"
/* AEAD helpers */
Modified: branches/mkey_migrate/src/lib/crypto/arcfour/deps
===================================================================
--- branches/mkey_migrate/src/lib/crypto/arcfour/deps 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/crypto/arcfour/deps 2009-01-23 19:57:08 UTC (rev 21791)
@@ -21,7 +21,7 @@
$(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(srcdir)/../aead.h \
- arcfour-int.h arcfour.h arcfour_aead.c
+ $(srcdir)/../cksumtypes.h arcfour-int.h arcfour.h arcfour_aead.c
arcfour_s2k.so arcfour_s2k.po $(OUTPRE)arcfour_s2k.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
Modified: branches/mkey_migrate/src/lib/crypto/cksumtypes.h
===================================================================
--- branches/mkey_migrate/src/lib/crypto/cksumtypes.h 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/crypto/cksumtypes.h 2009-01-23 19:57:08 UTC (rev 21791)
@@ -24,6 +24,8 @@
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
+#ifndef CKSUMTYPES_H
+#define CKSUMTYPES_H
#include "k5-int.h"
struct krb5_cksumtypes {
@@ -57,3 +59,4 @@
extern const struct krb5_cksumtypes krb5_cksumtypes_list[];
extern const unsigned int krb5_cksumtypes_length;
+#endif
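Review bot: The closing `#endif` added at the end of the header does not name the guard it closes. `#endif /* CKSUMTYPES_H */` would match the style visible elsewhere in this commit, where gssapiP_generic.h ends with `#endif /* _GSSAPIP_GENERIC_H_ */`. The guard is opened in the previous hunk, above `#include "k5-int.h"`.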
Modified: branches/mkey_migrate/src/lib/crypto/deps
===================================================================
--- branches/mkey_migrate/src/lib/crypto/deps 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/crypto/deps 2009-01-23 19:57:08 UTC (rev 21791)
@@ -85,8 +85,8 @@
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
$(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h aead.h crypto_length.c \
- etypes.h
+ $(SRCTOP)/include/socket-utils.h aead.h cksumtypes.h \
+ crypto_length.c etypes.h
crypto_libinit.so crypto_libinit.po $(OUTPRE)crypto_libinit.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -116,7 +116,7 @@
$(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
$(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- aead.h decrypt.c etypes.h
+ aead.h cksumtypes.h decrypt.c etypes.h
decrypt_iov.so decrypt_iov.po $(OUTPRE)decrypt_iov.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -126,8 +126,8 @@
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
$(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h aead.h decrypt_iov.c \
- etypes.h
+ $(SRCTOP)/include/socket-utils.h aead.h cksumtypes.h \
+ decrypt_iov.c etypes.h
encrypt.so encrypt.po $(OUTPRE)encrypt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
@@ -137,7 +137,7 @@
$(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
$(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- aead.h encrypt.c etypes.h
+ aead.h cksumtypes.h encrypt.c etypes.h
encrypt_iov.so encrypt_iov.po $(OUTPRE)encrypt_iov.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -157,8 +157,8 @@
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
$(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h aead.h encrypt_length.c \
- etypes.h
+ $(SRCTOP)/include/socket-utils.h aead.h cksumtypes.h \
+ encrypt_length.c etypes.h
enctype_compare.so enctype_compare.po $(OUTPRE)enctype_compare.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -203,7 +203,7 @@
$(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
$(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- aead.h hmac.c
+ aead.h cksumtypes.h hmac.c
keyblocks.so keyblocks.po $(OUTPRE)keyblocks.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
Modified: branches/mkey_migrate/src/lib/crypto/des/deps
===================================================================
--- branches/mkey_migrate/src/lib/crypto/des/deps 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/crypto/des/deps 2009-01-23 19:57:08 UTC (rev 21791)
@@ -30,7 +30,8 @@
$(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
$(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../aead.h d3_aead.c des_int.h f_tables.h
+ $(srcdir)/../aead.h $(srcdir)/../cksumtypes.h d3_aead.c \
+ des_int.h f_tables.h
d3_kysched.so d3_kysched.po $(OUTPRE)d3_kysched.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -50,7 +51,8 @@
$(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
$(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../aead.h des_int.h f_aead.c f_tables.h
+ $(srcdir)/../aead.h $(srcdir)/../cksumtypes.h des_int.h \
+ f_aead.c f_tables.h
f_cbc.so f_cbc.po $(OUTPRE)f_cbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
Modified: branches/mkey_migrate/src/lib/crypto/dk/deps
===================================================================
--- branches/mkey_migrate/src/lib/crypto/dk/deps 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/crypto/dk/deps 2009-01-23 19:57:08 UTC (rev 21791)
@@ -11,7 +11,8 @@
$(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(srcdir)/../aead.h \
- $(srcdir)/../etypes.h checksum.c dk.h
+ $(srcdir)/../cksumtypes.h $(srcdir)/../etypes.h checksum.c \
+ dk.h
dk_aead.so dk_aead.po $(OUTPRE)dk_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
@@ -21,7 +22,8 @@
$(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
$(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../aead.h dk.h dk_aead.c
+ $(srcdir)/../aead.h $(srcdir)/../cksumtypes.h dk.h \
+ dk_aead.c
dk_decrypt.so dk_decrypt.po $(OUTPRE)dk_decrypt.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
Modified: branches/mkey_migrate/src/lib/crypto/enc_provider/deps
===================================================================
--- branches/mkey_migrate/src/lib/crypto/enc_provider/deps 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/crypto/enc_provider/deps 2009-01-23 19:57:08 UTC (rev 21791)
@@ -10,8 +10,8 @@
$(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
$(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../aead.h $(srcdir)/../des/des_int.h des.c \
- enc_provider.h
+ $(srcdir)/../aead.h $(srcdir)/../cksumtypes.h $(srcdir)/../des/des_int.h \
+ des.c enc_provider.h
des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
@@ -21,7 +21,8 @@
$(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
$(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../aead.h $(srcdir)/../des/des_int.h des3.c
+ $(srcdir)/../aead.h $(srcdir)/../cksumtypes.h $(srcdir)/../des/des_int.h \
+ des3.c
aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
@@ -32,7 +33,7 @@
$(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
$(srcdir)/../aead.h $(srcdir)/../aes/aes.h $(srcdir)/../aes/uitypes.h \
- aes.c enc_provider.h
+ $(srcdir)/../cksumtypes.h aes.c enc_provider.h
rc4.so rc4.po $(OUTPRE)rc4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
@@ -43,4 +44,5 @@
$(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
$(srcdir)/../aead.h $(srcdir)/../arcfour/arcfour-int.h \
- $(srcdir)/../arcfour/arcfour.h enc_provider.h rc4.c
+ $(srcdir)/../arcfour/arcfour.h $(srcdir)/../cksumtypes.h \
+ enc_provider.h rc4.c
Modified: branches/mkey_migrate/src/lib/crypto/keyhash_provider/deps
===================================================================
--- branches/mkey_migrate/src/lib/crypto/keyhash_provider/deps 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/crypto/keyhash_provider/deps 2009-01-23 19:57:08 UTC (rev 21791)
@@ -44,8 +44,8 @@
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(srcdir)/../aead.h \
$(srcdir)/../arcfour/arcfour-int.h $(srcdir)/../arcfour/arcfour.h \
- $(srcdir)/../hash_provider/hash_provider.h $(srcdir)/../md5/rsa-md5.h \
- hmac_md5.c keyhash_provider.h
+ $(srcdir)/../cksumtypes.h $(srcdir)/../hash_provider/hash_provider.h \
+ $(srcdir)/../md5/rsa-md5.h hmac_md5.c keyhash_provider.h
md5_hmac.so md5_hmac.po $(OUTPRE)md5_hmac.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
Modified: branches/mkey_migrate/src/lib/crypto/keyhash_provider/md5_hmac.c
===================================================================
--- branches/mkey_migrate/src/lib/crypto/keyhash_provider/md5_hmac.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/crypto/keyhash_provider/md5_hmac.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -54,6 +54,7 @@
krb5_MD5Update(&ctx, (unsigned char *)input->data, input->length);
krb5_MD5Final(&ctx);
+ ds.magic = KV5M_DATA;
ds.length = 16;
ds.data = (char *)ctx.digest;
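Review bot: `ds` is still populated one field at a time, which is how `magic` came to be left unset before this change, and `ds.length = 16` repeats the digest size as a bare literal. If `ctx.digest` is an array (its declaration is not visible here), `ds.length = sizeof(ctx.digest);` would tie the length to the buffer that `ds.data` points at. Otherwise a short comment such as `/* MD5 digest length */` on that line would do. The declaration of `ds` and the rest of the function are outside the hunk.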
Modified: branches/mkey_migrate/src/lib/crypto/raw/deps
===================================================================
--- branches/mkey_migrate/src/lib/crypto/raw/deps 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/crypto/raw/deps 2009-01-23 19:57:08 UTC (rev 21791)
@@ -31,4 +31,4 @@
$(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(srcdir)/../aead.h \
- raw.h raw_aead.c
+ $(srcdir)/../cksumtypes.h raw.h raw_aead.c
Modified: branches/mkey_migrate/src/lib/gssapi/generic/gssapiP_generic.h
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/generic/gssapiP_generic.h 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/generic/gssapiP_generic.h 2009-01-23 19:57:08 UTC (rev 21791)
@@ -175,8 +175,8 @@
unsigned char **buf, int tok_type);
/* flags for g_verify_token_header() */
-#define G_VFY_TOKEN_HDR_WRAPPER_REQUIRED 0x01
-#define G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE 0x02
+#define G_VFY_TOKEN_HDR_WRAPPER_REQUIRED 0x01
+#define G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE 0x02
gss_int32 g_verify_token_header (const gss_OID_desc * mech,
unsigned int *body_size,
@@ -263,19 +263,19 @@
OM_uint32
generic_gss_oid_compose(
- OM_uint32 *, /* minor_status */
- const char *, /* prefix */
- size_t, /* prefix_len */
- int, /* suffix */
- gss_OID_desc *); /* oid */
+ OM_uint32 *, /* minor_status */
+ const char *, /* prefix */
+ size_t, /* prefix_len */
+ int, /* suffix */
+ gss_OID_desc *); /* oid */
OM_uint32
generic_gss_oid_decompose(
- OM_uint32 *, /* minor_status */
- const char *, /*prefix */
- size_t, /* prefix_len */
- gss_OID_desc *, /* oid */
- int *); /* suffix */
+ OM_uint32 *, /* minor_status */
+ const char *, /*prefix */
+ size_t, /* prefix_len */
+ gss_OID_desc *, /* oid */
+ int *); /* suffix */
int gssint_mecherrmap_init(void);
void gssint_mecherrmap_destroy(void);
@@ -299,7 +299,7 @@
OM_uint32 generic_gss_copy_oid_set
(OM_uint32 *, /* minor_status */
- const gss_OID_set_desc *, /* const oidset*/
- gss_OID_set * /*new_oidset*/);
+ const gss_OID_set_desc *, /* const oidset*/
+ gss_OID_set * /*new_oidset*/);
#endif /* _GSSAPIP_GENERIC_H_ */
Modified: branches/mkey_migrate/src/lib/gssapi/generic/gssapi_generic.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/generic/gssapi_generic.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/generic/gssapi_generic.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -151,5 +151,5 @@
GSS_DLLIMP gss_OID GSS_C_NT_EXPORT_NAME = oids+6;
gss_OID gss_nt_exported_name = oids+6;
-GSS_DLLIMP gss_OID GSS_C_INQ_SSPI_SESSION_KEY = oids+7;
+GSS_DLLIMP gss_OID GSS_C_INQ_SSPI_SESSION_KEY = oids+7;
Modified: branches/mkey_migrate/src/lib/gssapi/generic/gssapi_generic.h
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/generic/gssapi_generic.h 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/generic/gssapi_generic.h 2009-01-23 19:57:08 UTC (rev 21791)
@@ -38,8 +38,8 @@
#define GSSAPIGENERIC_END_DECLS
#endif
-#define GSS_EMPTY_BUFFER(buf) ((buf) == NULL ||\
- (buf)->value == NULL || (buf)->length == 0)
+#define GSS_EMPTY_BUFFER(buf) ((buf) == NULL ||\
+ (buf)->value == NULL || (buf)->length == 0)
GSSAPIGENERIC_BEGIN_DECLS
Modified: branches/mkey_migrate/src/lib/gssapi/generic/util_canonhost.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/generic/util_canonhost.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/generic/util_canonhost.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -45,25 +45,25 @@
char *canon, *str;
if ((hent = gethostbyname(hostname)) == NULL)
- return(NULL);
+ return(NULL);
if (! (haddr = (char *) xmalloc(hent->h_length))) {
- return(NULL);
+ return(NULL);
}
memcpy(haddr, hent->h_addr_list[0], hent->h_length);
if (! (hent = gethostbyaddr(haddr, hent->h_length, hent->h_addrtype))) {
- return(NULL);
+ return(NULL);
}
xfree(haddr);
if ((canon = (char *) strdup(hent->h_name)) == NULL)
- return(NULL);
+ return(NULL);
for (str = canon; *str; str++)
- if (isupper(*str)) *str = tolower(*str);
+ if (isupper(*str)) *str = tolower(*str);
return(canon);
}
Modified: branches/mkey_migrate/src/lib/gssapi/generic/util_localhost.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/generic/util_localhost.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/generic/util_localhost.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -41,7 +41,7 @@
char buf[MAXHOSTNAMELEN+1], *ptr;
if (gethostname(buf, sizeof(buf)) < 0)
- return 0;
+ return 0;
buf[sizeof(buf)-1] = '\0';
Modified: branches/mkey_migrate/src/lib/gssapi/generic/util_token.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/generic/util_token.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/generic/util_token.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -195,7 +195,7 @@
return(G_BAD_TOK_HEADER);
if ((flags & G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE) == 0 &&
- seqsize != toksize)
+ seqsize != toksize)
return(G_BAD_TOK_HEADER);
if ((toksize-=1) < 0)
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/accept_sec_context.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/accept_sec_context.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/accept_sec_context.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -243,8 +243,8 @@
*/
static OM_uint32
kg_accept_dce(minor_status, context_handle, verifier_cred_handle,
- input_token, input_chan_bindings, src_name, mech_type,
- output_token, ret_flags, time_rec, delegated_cred_handle)
+ input_token, input_chan_bindings, src_name, mech_type,
+ output_token, ret_flags, time_rec, delegated_cred_handle)
OM_uint32 *minor_status;
gss_ctx_id_t *context_handle;
gss_cred_id_t verifier_cred_handle;
@@ -292,9 +292,9 @@
ap_rep.length = input_token->length;
code = krb5_rd_rep_dce(ctx->k5_context,
- ctx->auth_context,
- &ap_rep,
- &nonce);
+ ctx->auth_context,
+ &ap_rep,
+ &nonce);
if (code != 0) {
major_status = GSS_S_FAILURE;
goto fail;
@@ -304,14 +304,14 @@
if (src_name) {
if ((code = krb5_copy_principal(ctx->k5_context, ctx->there, &name))) {
- major_status = GSS_S_FAILURE;
- goto fail;
+ major_status = GSS_S_FAILURE;
+ goto fail;
}
/* intern the src_name */
if (! kg_save_name((gss_name_t) name)) {
- code = G_VALIDATE_FAILED;
- major_status = GSS_S_FAILURE;
- goto fail;
+ code = G_VALIDATE_FAILED;
+ major_status = GSS_S_FAILURE;
+ goto fail;
}
*src_name = (gss_name_t) name;
}
@@ -334,9 +334,8 @@
fail:
/* real failure code follows */
- if (ctx)
- (void) krb5_gss_delete_sec_context(minor_status,
- (gss_ctx_id_t *) &ctx, NULL);
+ (void) krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t *) &ctx,
+ NULL);
*context_handle = GSS_C_NO_CONTEXT;
*minor_status = code;
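Review bot: Dropping the `if (ctx)` guard means the `fail:` path now calls `krb5_gss_delete_sec_context` even when `ctx` is still NULL, so this code depends on that function treating an empty handle as a no-op. Its body is not part of this hunk (delete_sec_context.c is in the changed-file list), so that behaviour should be confirmed there. A comment on the call would make the reliance explicit, e.g. `/* delete_sec_context is a no-op when ctx is GSS_C_NO_CONTEXT */`. The value the call writes to `minor_status` is overwritten by `*minor_status = code;` two lines later, which matches the `(void)` cast. The enclosing function starts and ends outside the hunk.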
@@ -345,10 +344,10 @@
static OM_uint32
kg_accept_krb5(minor_status, context_handle,
- verifier_cred_handle, input_token,
- input_chan_bindings, src_name, mech_type,
- output_token, ret_flags, time_rec,
- delegated_cred_handle)
+ verifier_cred_handle, input_token,
+ input_chan_bindings, src_name, mech_type,
+ output_token, ret_flags, time_rec,
+ delegated_cred_handle)
OM_uint32 *minor_status;
gss_ctx_id_t *context_handle;
gss_cred_id_t verifier_cred_handle;
@@ -492,11 +491,11 @@
mech_used = gss_mech_krb5;
goto fail;
} else if (code == G_BAD_TOK_HEADER) {
- /* DCE style not encapsulated */
- ap_req.length = input_token->length;
- ap_req.data = input_token->value;
- mech_used = gss_mech_krb5;
- no_encap = 1;
+ /* DCE style not encapsulated */
+ ap_req.length = input_token->length;
+ ap_req.data = input_token->value;
+ mech_used = gss_mech_krb5;
+ no_encap = 1;
} else {
major_status = GSS_S_DEFECTIVE_TOKEN;
goto fail;
@@ -570,23 +569,23 @@
code = krb5_auth_con_getkey(context, auth_context, &subkey);
if (code) {
- major_status = GSS_S_FAILURE;
- goto fail;
+ major_status = GSS_S_FAILURE;
+ goto fail;
}
zero.length = 0;
zero.data = "";
code = krb5_c_verify_checksum(context,
- subkey,
- KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM,
- &zero,
- authdat->checksum,
- &valid);
+ subkey,
+ KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM,
+ &zero,
+ authdat->checksum,
+ &valid);
if (code || !valid) {
- major_status = GSS_S_BAD_SIG;
- krb5_free_keyblock(context, subkey);
- goto fail;
+ major_status = GSS_S_BAD_SIG;
+ krb5_free_keyblock(context, subkey);
+ goto fail;
}
gss_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
@@ -774,8 +773,8 @@
/* only DCE_STYLE clients are allowed to send raw AP-REQs */
if (no_encap != ((gss_flags & GSS_C_DCE_STYLE) != 0)) {
- major_status = GSS_S_DEFECTIVE_TOKEN;
- goto fail;
+ major_status = GSS_S_DEFECTIVE_TOKEN;
+ goto fail;
}
/* create the ctx struct and start filling it in */
@@ -795,8 +794,8 @@
((gss_flags) & (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG |
GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG |
- GSS_C_DCE_STYLE | GSS_C_IDENTIFY_FLAG |
- GSS_C_EXTENDED_ERROR_FLAG)));
+ GSS_C_DCE_STYLE | GSS_C_IDENTIFY_FLAG |
+ GSS_C_EXTENDED_ERROR_FLAG)));
ctx->seed_init = 0;
ctx->big_endian = bigend;
ctx->cred_rcache = cred_rcache;
@@ -813,11 +812,11 @@
/* XXX move this into gss_name_t */
if (ticket->enc_part2->authorization_data != NULL &&
- (code = krb5_copy_authdata(context,
- ticket->enc_part2->authorization_data,
- &ctx->authdata))) {
- major_status = GSS_S_FAILURE;
- goto fail;
+ (code = krb5_copy_authdata(context,
+ ticket->enc_part2->authorization_data,
+ &ctx->authdata))) {
+ major_status = GSS_S_FAILURE;
+ goto fail;
}
if ((code = krb5_copy_principal(context, ticket->server, &ctx->here))) {
major_status = GSS_S_FAILURE;
@@ -858,11 +857,11 @@
ctx->have_acceptor_subkey = 0;
/* DCE_STYLE implies acceptor_subkey */
if ((ctx->gss_flags & GSS_C_DCE_STYLE) == 0) {
- code = kg_setup_keys(context, ctx, ctx->subkey, &ctx->cksumtype);
- if (code) {
- major_status = GSS_S_FAILURE;
- goto fail;
- }
+ code = kg_setup_keys(context, ctx, ctx->subkey, &ctx->cksumtype);
+ if (code) {
+ major_status = GSS_S_FAILURE;
+ goto fail;
+ }
}
ctx->krb_times = ticket->enc_part2->times; /* struct copy */
ctx->krb_flags = ticket->enc_part2->flags;
@@ -892,7 +891,7 @@
/* DCE_STYLE implies mutual authentication */
if (ctx->gss_flags & GSS_C_DCE_STYLE)
- ctx->gss_flags |= GSS_C_MUTUAL_FLAG;
+ ctx->gss_flags |= GSS_C_MUTUAL_FLAG;
/* at this point, the entire context structure is filled in,
so it can be released. */
@@ -904,36 +903,36 @@
krb5_int32 seq_temp;
int cfx_generate_subkey;
- /*
- * Do not generate a subkey per RFC 4537 unless we are upgrading to CFX,
- * because pre-CFX tokens do not indicate which key to use. (Note that
- * DCE_STYLE implies that we will use a subkey.)
- */
- if (ctx->proto == 0 &&
- (ctx->gss_flags & GSS_C_DCE_STYLE) == 0 &&
- (ap_req_options & AP_OPTS_USE_SUBKEY)) {
- code = (*kaccess.krb5_auth_con_get_subkey_enctype) (context,
- auth_context,
- &negotiated_etype);
- if (code != 0) {
- major_status = GSS_S_FAILURE;
- goto fail;
- }
+ /*
+ * Do not generate a subkey per RFC 4537 unless we are upgrading to CFX,
+ * because pre-CFX tokens do not indicate which key to use. (Note that
+ * DCE_STYLE implies that we will use a subkey.)
+ */
+ if (ctx->proto == 0 &&
+ (ctx->gss_flags & GSS_C_DCE_STYLE) == 0 &&
+ (ap_req_options & AP_OPTS_USE_SUBKEY)) {
+ code = (*kaccess.krb5_auth_con_get_subkey_enctype) (context,
+ auth_context,
+ &negotiated_etype);
+ if (code != 0) {
+ major_status = GSS_S_FAILURE;
+ goto fail;
+ }
- switch (negotiated_etype) {
- case ENCTYPE_DES_CBC_MD5:
- case ENCTYPE_DES_CBC_MD4:
- case ENCTYPE_DES_CBC_CRC:
- case ENCTYPE_DES3_CBC_SHA1:
- case ENCTYPE_ARCFOUR_HMAC:
- case ENCTYPE_ARCFOUR_HMAC_EXP:
- ap_req_options &= ~(AP_OPTS_USE_SUBKEY);
- break;
- }
- }
+ switch (negotiated_etype) {
+ case ENCTYPE_DES_CBC_MD5:
+ case ENCTYPE_DES_CBC_MD4:
+ case ENCTYPE_DES_CBC_CRC:
+ case ENCTYPE_DES3_CBC_SHA1:
+ case ENCTYPE_ARCFOUR_HMAC:
+ case ENCTYPE_ARCFOUR_HMAC_EXP:
+ ap_req_options &= ~(AP_OPTS_USE_SUBKEY);
+ break;
+ }
+ }
if (ctx->proto == 1 || (ctx->gss_flags & GSS_C_DCE_STYLE) ||
- (ap_req_options & AP_OPTS_USE_SUBKEY))
+ (ap_req_options & AP_OPTS_USE_SUBKEY))
cfx_generate_subkey = CFX_ACCEPTOR_SUBKEY;
else
cfx_generate_subkey = 0;
@@ -970,35 +969,35 @@
}
ctx->have_acceptor_subkey = 1;
- code = kg_setup_keys(context, ctx, ctx->acceptor_subkey,
- &ctx->acceptor_subkey_cksumtype);
- if (code) {
- major_status = GSS_S_FAILURE;
- goto fail;
- }
+ code = kg_setup_keys(context, ctx, ctx->acceptor_subkey,
+ &ctx->acceptor_subkey_cksumtype);
+ if (code) {
+ major_status = GSS_S_FAILURE;
+ goto fail;
+ }
}
/* the reply token hasn't been sent yet, but that's ok. */
- if (ctx->gss_flags & GSS_C_DCE_STYLE) {
- assert(ctx->have_acceptor_subkey);
+ if (ctx->gss_flags & GSS_C_DCE_STYLE) {
+ assert(ctx->have_acceptor_subkey);
- /* in order to force acceptor subkey to be used, don't set PROT_READY */
+ /* in order to force acceptor subkey to be used, don't set PROT_READY */
- /* Raw AP-REP is returned */
- output_token->length = ap_rep.length;
- output_token->value = ap_rep.data;
- ap_rep.data = NULL; /* don't double free */
+ /* Raw AP-REP is returned */
+ output_token->length = ap_rep.length;
+ output_token->value = ap_rep.data;
+ ap_rep.data = NULL; /* don't double free */
- ctx->established = 0;
+ ctx->established = 0;
- *context_handle = (gss_ctx_id_t)ctx;
- *minor_status = 0;
- major_status = GSS_S_CONTINUE_NEEDED;
+ *context_handle = (gss_ctx_id_t)ctx;
+ *minor_status = 0;
+ major_status = GSS_S_CONTINUE_NEEDED;
- /* Only last leg should set return arguments */
- goto fail;
- } else
- ctx->gss_flags |= GSS_C_PROT_READY_FLAG;
+ /* Only last leg should set return arguments */
+ goto fail;
+ } else
+ ctx->gss_flags |= GSS_C_PROT_READY_FLAG;
ctx->established = 1;
@@ -1086,7 +1085,7 @@
if (ap_rep.data)
krb5_free_data_contents(context, &ap_rep);
if (major_status == GSS_S_COMPLETE ||
- (major_status == GSS_S_CONTINUE_NEEDED && code != KRB5KRB_AP_ERR_MSG_TYPE)) {
+ (major_status == GSS_S_CONTINUE_NEEDED && code != KRB5KRB_AP_ERR_MSG_TYPE)) {
ctx->k5_context = context;
context = NULL;
goto done;
@@ -1212,22 +1211,22 @@
*/
/*SUPPRESS 29*/
if (ctx != NULL) {
- if (ctx->established == 0 && (ctx->gss_flags & GSS_C_DCE_STYLE)) {
- return kg_accept_dce(minor_status, context_handle,
- verifier_cred_handle, input_token,
- input_chan_bindings, src_name, mech_type,
- output_token, ret_flags, time_rec,
- delegated_cred_handle);
- } else {
- *minor_status = EINVAL;
- save_error_string(EINVAL, "accept_sec_context called with existing context handle");
- return GSS_S_FAILURE;
- }
+ if (ctx->established == 0 && (ctx->gss_flags & GSS_C_DCE_STYLE)) {
+ return kg_accept_dce(minor_status, context_handle,
+ verifier_cred_handle, input_token,
+ input_chan_bindings, src_name, mech_type,
+ output_token, ret_flags, time_rec,
+ delegated_cred_handle);
+ } else {
+ *minor_status = EINVAL;
+ save_error_string(EINVAL, "accept_sec_context called with existing context handle");
+ return GSS_S_FAILURE;
+ }
}
return kg_accept_krb5(minor_status, context_handle,
- verifier_cred_handle, input_token,
- input_chan_bindings, src_name, mech_type,
- output_token, ret_flags, time_rec,
- delegated_cred_handle);
+ verifier_cred_handle, input_token,
+ input_chan_bindings, src_name, mech_type,
+ output_token, ret_flags, time_rec,
+ delegated_cred_handle);
}
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/acquire_cred.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/acquire_cred.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/acquire_cred.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -99,9 +99,9 @@
/* Heimdal calls this gsskrb5_register_acceptor_identity. */
OM_uint32
gss_krb5int_register_acceptor_identity(OM_uint32 *minor_status,
- const gss_OID desired_mech,
- const gss_OID desired_object,
- gss_buffer_t value)
+ const gss_OID desired_mech,
+ const gss_OID desired_object,
+ gss_buffer_t value)
{
char *new, *old;
int err;
@@ -264,11 +264,11 @@
if (!err) {
err = kim_ccache_create_from_client_identity (&kimccache, identity);
}
-
+
if (!err) {
err = kim_ccache_get_state (kimccache, &state);
}
-
+
if (!err && state != kim_credentials_state_valid) {
if (state == kim_credentials_state_needs_validation) {
err = kim_ccache_validate (kimccache, KIM_OPTIONS_DEFAULT);
@@ -277,13 +277,13 @@
ccache = NULL;
}
}
-
+
if (!kimccache && kim_library_allow_automatic_prompting ()) {
/* ccache does not already exist, create a new one */
- err = kim_ccache_create_new (&kimccache, identity,
+ err = kim_ccache_create_new (&kimccache, identity,
KIM_OPTIONS_DEFAULT);
- }
-
+ }
+
if (!err) {
err = kim_ccache_get_krb5_ccache (kimccache, context, &ccache);
}
@@ -746,9 +746,9 @@
if (cred->rcache != NULL) {
code = krb5_rc_close(context, cred->rcache);
if (code) {
- *minor_status = code;
- krb5_free_context(context);
- return GSS_S_FAILURE;
+ *minor_status = code;
+ krb5_free_context(context);
+ return GSS_S_FAILURE;
}
}
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/copy_ccache.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/copy_ccache.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/copy_ccache.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -3,9 +3,9 @@
OM_uint32 KRB5_CALLCONV
gss_krb5int_copy_ccache(OM_uint32 *minor_status,
- gss_cred_id_t cred_handle,
- const gss_OID desired_object,
- const gss_buffer_t value)
+ gss_cred_id_t cred_handle,
+ const gss_OID desired_object,
+ const gss_buffer_t value)
{
krb5_gss_cred_id_t k5creds;
krb5_cc_cursor cursor;
@@ -13,11 +13,11 @@
krb5_error_code code;
krb5_context context;
krb5_ccache out_ccache;
-
+
assert(value->length == sizeof(out_ccache));
if (value->length != sizeof(out_ccache))
- return GSS_S_FAILURE;
+ return GSS_S_FAILURE;
out_ccache = (krb5_ccache)value->value;
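Review bot: The `assert(value->length == sizeof(out_ccache));` at the top of `gss_krb5int_copy_ccache` runs before the graceful length check, so in a build with assertions enabled a caller-supplied buffer of the wrong size aborts the process instead of returning `GSS_S_FAILURE`. `value` is also dereferenced without a null check, and the dispatcher `krb5_gssspi_set_cred_option` shown later in this commit passes it through unchecked. I would drop the assert and make the runtime check cover both cases: `if (value == GSS_C_NO_BUFFER || value->length != sizeof(out_ccache)) return GSS_S_FAILURE;`. The commit only re-indents these lines, so the issue predates it; the function body continues outside the hunk.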
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/delete_sec_context.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/delete_sec_context.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/delete_sec_context.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -107,7 +107,7 @@
krb5_gss_release_oid(minor_status, &ctx->mech_used);
if (ctx->authdata)
- krb5_free_authdata(context, ctx->authdata);
+ krb5_free_authdata(context, ctx->authdata);
if (ctx->k5_context)
krb5_free_context(ctx->k5_context);
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/get_tkt_flags.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/get_tkt_flags.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/get_tkt_flags.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -29,9 +29,9 @@
OM_uint32 KRB5_CALLCONV
gss_krb5int_get_tkt_flags(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
- const gss_OID desired_object,
- gss_buffer_set_t *data_set)
+ const gss_ctx_id_t context_handle,
+ const gss_OID desired_object,
+ gss_buffer_set_t *data_set)
{
krb5_gss_ctx_id_rec *ctx;
gss_buffer_desc rep;
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/gssapiP_krb5.h
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/gssapiP_krb5.h 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/gssapiP_krb5.h 2009-01-23 19:57:08 UTC (rev 21791)
@@ -264,9 +264,9 @@
krb5_error_code
kg_setup_keys(krb5_context context,
- krb5_gss_ctx_id_rec *ctx,
- krb5_keyblock *subkey,
- krb5_cksumtype *cksumtype);
+ krb5_gss_ctx_id_rec *ctx,
+ krb5_keyblock *subkey,
+ krb5_cksumtype *cksumtype);
int kg_confounder_size (krb5_context context, krb5_keyblock *key);
@@ -282,10 +282,10 @@
krb5_error_code kg_encrypt_iov (krb5_context context,
int proto, int dce_style,
- size_t ec, size_t rrc,
- krb5_keyblock *key, int usage,
+ size_t ec, size_t rrc,
+ krb5_keyblock *key, int usage,
krb5_pointer iv,
- gss_iov_buffer_desc *iov,
+ gss_iov_buffer_desc *iov,
int iov_count);
krb5_error_code
@@ -296,9 +296,9 @@
krb5_error_code
kg_arcfour_docrypt_iov (krb5_context context,
- const krb5_keyblock *longterm_key , int ms_usage,
+ const krb5_keyblock *longterm_key , int ms_usage,
const unsigned char *kd_data, size_t kd_data_len,
- gss_iov_buffer_desc *iov,
+ gss_iov_buffer_desc *iov,
int iov_count);
krb5_error_code kg_decrypt (krb5_context context,
@@ -310,10 +310,10 @@
krb5_error_code kg_decrypt_iov (krb5_context context,
int proto, int dce_style,
- size_t ec, size_t rrc,
+ size_t ec, size_t rrc,
krb5_keyblock *key, int usage,
krb5_pointer iv,
- gss_iov_buffer_desc *iov,
+ gss_iov_buffer_desc *iov,
int iov_count);
OM_uint32 kg_seal (OM_uint32 *minor_status,
@@ -368,92 +368,92 @@
/* AEAD */
krb5_error_code gss_krb5int_make_seal_token_v3_iov(krb5_context context,
- krb5_gss_ctx_id_rec *ctx,
- int conf_req_flag,
- int *conf_state,
- gss_iov_buffer_desc *iov,
- int iov_count,
- int toktype);
+ krb5_gss_ctx_id_rec *ctx,
+ int conf_req_flag,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ int toktype);
OM_uint32 gss_krb5int_unseal_v3_iov(krb5_context context,
- OM_uint32 *minor_status,
- krb5_gss_ctx_id_rec *ctx,
- gss_iov_buffer_desc *iov,
- int iov_count,
- int *conf_state,
- gss_qop_t *qop_state,
- int toktype);
+ OM_uint32 *minor_status,
+ krb5_gss_ctx_id_rec *ctx,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ int *conf_state,
+ gss_qop_t *qop_state,
+ int toktype);
gss_iov_buffer_t kg_locate_iov (gss_iov_buffer_desc *iov,
- int iov_count,
- OM_uint32 type);
+ int iov_count,
+ OM_uint32 type);
void kg_iov_msglen(gss_iov_buffer_desc *iov,
- int iov_count,
- size_t *data_length,
- size_t *assoc_data_length);
+ int iov_count,
+ size_t *data_length,
+ size_t *assoc_data_length);
void kg_release_iov(gss_iov_buffer_desc *iov,
- int iov_count);
+ int iov_count);
krb5_error_code kg_make_checksum_iov_v1(krb5_context context,
- krb5_cksumtype type,
- size_t token_cksum_len,
- krb5_keyblock *seq,
- krb5_keyblock *enc, /* for conf len */
- krb5_keyusage sign_usage,
- gss_iov_buffer_desc *iov,
- int iov_count,
- int toktype,
- krb5_checksum *checksum);
+ krb5_cksumtype type,
+ size_t token_cksum_len,
+ krb5_keyblock *seq,
+ krb5_keyblock *enc, /* for conf len */
+ krb5_keyusage sign_usage,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ int toktype,
+ krb5_checksum *checksum);
krb5_error_code kg_make_checksum_iov_v3(krb5_context context,
- krb5_cksumtype type,
- size_t rrc,
- krb5_keyblock *key,
- krb5_keyusage sign_usage,
- gss_iov_buffer_desc *iov,
- int iov_count);
+ krb5_cksumtype type,
+ size_t rrc,
+ krb5_keyblock *key,
+ krb5_keyusage sign_usage,
+ gss_iov_buffer_desc *iov,
+ int iov_count);
krb5_error_code kg_verify_checksum_iov_v3(krb5_context context,
- krb5_cksumtype type,
- size_t rrc,
- krb5_keyblock *key,
- krb5_keyusage sign_usage,
- gss_iov_buffer_desc *iov,
- int iov_count,
- krb5_boolean *valid);
+ krb5_cksumtype type,
+ size_t rrc,
+ krb5_keyblock *key,
+ krb5_keyusage sign_usage,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ krb5_boolean *valid);
OM_uint32 kg_seal_iov (OM_uint32 *minor_status,
- gss_ctx_id_t context_handle,
- int conf_req_flag,
- gss_qop_t qop_req,
- int *conf_state,
- gss_iov_buffer_desc *iov,
- int iov_count,
- int toktype);
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ int toktype);
OM_uint32 kg_unseal_iov (OM_uint32 *minor_status,
- gss_ctx_id_t context_handle,
- int *conf_state,
- gss_qop_t *qop_state,
- gss_iov_buffer_desc *iov,
- int iov_count,
- int toktype);
+ gss_ctx_id_t context_handle,
+ int *conf_state,
+ gss_qop_t *qop_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ int toktype);
OM_uint32 kg_seal_iov_length(OM_uint32 *minor_status,
- gss_ctx_id_t context_handle,
- int conf_req_flag,
- gss_qop_t qop_req,
- int *conf_state,
- gss_iov_buffer_desc *iov,
- int iov_count);
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count);
krb5_cryptotype kg_translate_flag_iov(OM_uint32 type);
OM_uint32 kg_fixup_padding_iov(OM_uint32 *minor_status,
- gss_iov_buffer_desc *iov,
- int iov_count);
+ gss_iov_buffer_desc *iov,
+ int iov_count);
int kg_map_toktype(int proto, int toktype);
@@ -621,24 +621,24 @@
);
OM_uint32 krb5_gss_wrap_iov
-(OM_uint32 *, /* minor_status */
- gss_ctx_id_t, /* context_handle */
- int, /* conf_req_flag */
- gss_qop_t, /* qop_req */
- int *, /* conf_state */
- gss_iov_buffer_desc *, /* iov */
- int /* iov_count */
+(OM_uint32 *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ int, /* conf_req_flag */
+ gss_qop_t, /* qop_req */
+ int *, /* conf_state */
+ gss_iov_buffer_desc *, /* iov */
+ int /* iov_count */
);
OM_uint32
krb5_gss_wrap_iov_length
-(OM_uint32 *, /* minor_status */
- gss_ctx_id_t, /* context_handle */
- int, /* conf_req_flag */
- gss_qop_t, /* qop_req */
- int *, /* conf_state */
- gss_iov_buffer_desc *, /* iov */
- int /* iov_count */
+(OM_uint32 *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ int, /* conf_req_flag */
+ gss_qop_t, /* qop_req */
+ int *, /* conf_state */
+ gss_iov_buffer_desc *, /* iov */
+ int /* iov_count */
);
OM_uint32 krb5_gss_unwrap
@@ -651,12 +651,12 @@
);
OM_uint32 krb5_gss_unwrap_iov
-(OM_uint32 *, /* minor_status */
- gss_ctx_id_t, /* context_handle */
- int *, /* conf_state */
- gss_qop_t *, /* qop_state */
- gss_iov_buffer_desc *, /* iov */
- int /* iov_count */
+(OM_uint32 *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ int *, /* conf_state */
+ gss_qop_t *, /* qop_state */
+ gss_iov_buffer_desc *, /* iov */
+ int /* iov_count */
);
OM_uint32 krb5_gss_wrap_size_limit
@@ -855,7 +855,7 @@
OM_uint32
gss_krb5int_free_lucid_sec_context(OM_uint32 *, const gss_OID,
- const gss_OID, gss_buffer_t);
+ const gss_OID, gss_buffer_t);
extern k5_mutex_t kg_kdc_flag_mutex;
krb5_error_code krb5_gss_init_context (krb5_context *ctxp);
@@ -864,7 +864,7 @@
#define GSS_KRB5_USE_KDC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x08"
OM_uint32 krb5int_gss_use_kdc_context(OM_uint32 *, const gss_OID,
- const gss_OID, gss_buffer_t);
+ const gss_OID, gss_buffer_t);
krb5_error_code krb5_gss_use_kdc_context(void);
@@ -879,9 +879,9 @@
OM_uint32
gss_krb5int_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
- const gss_OID desired_object,
- gss_buffer_set_t *ad_data);
+ const gss_ctx_id_t context_handle,
+ const gss_OID desired_object,
+ gss_buffer_set_t *ad_data);
#define GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH 11
#define GSS_KRB5_SET_CRED_RCACHE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0b"
@@ -894,9 +894,9 @@
OM_uint32
gss_krb5int_extract_authtime_from_sec_context(OM_uint32 *,
- const gss_ctx_id_t,
- const gss_OID,
- gss_buffer_set_t *);
+ const gss_ctx_id_t,
+ const gss_OID,
+ gss_buffer_set_t *);
#ifdef _GSS_STATIC_LINK
int gss_krb5int_lib_init(void);
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/gssapi_krb5.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/gssapi_krb5.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/gssapi_krb5.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -306,8 +306,8 @@
}
#define g_OID_prefix_equal(o1, o2) \
- (((o1)->length >= (o2)->length) && \
- (memcmp((o1)->elements, (o2)->elements, (o2)->length) == 0))
+ (((o1)->length >= (o2)->length) && \
+ (memcmp((o1)->elements, (o2)->elements, (o2)->length) == 0))
/*
* gss_inquire_sec_context_by_oid() methods
@@ -317,70 +317,70 @@
OM_uint32 (*func)(OM_uint32 *, const gss_ctx_id_t, const gss_OID, gss_buffer_set_t *);
} krb5_gss_inquire_sec_context_by_oid_ops[] = {
{
- {GSS_KRB5_GET_TKT_FLAGS_OID_LENGTH, GSS_KRB5_GET_TKT_FLAGS_OID},
- gss_krb5int_get_tkt_flags
+ {GSS_KRB5_GET_TKT_FLAGS_OID_LENGTH, GSS_KRB5_GET_TKT_FLAGS_OID},
+ gss_krb5int_get_tkt_flags
},
{
- {GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID},
- gss_krb5int_extract_authz_data_from_sec_context
+ {GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID},
+ gss_krb5int_extract_authz_data_from_sec_context
},
{
- {GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH, GSS_KRB5_INQ_SSPI_SESSION_KEY_OID},
- gss_krb5int_inq_session_key
+ {GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH, GSS_KRB5_INQ_SSPI_SESSION_KEY_OID},
+ gss_krb5int_inq_session_key
},
{
- {GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID},
- gss_krb5int_export_lucid_sec_context
+ {GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID},
+ gss_krb5int_export_lucid_sec_context
},
{
- {GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID},
- gss_krb5int_extract_authtime_from_sec_context
+ {GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID},
+ gss_krb5int_extract_authtime_from_sec_context
}
};
static OM_uint32
krb5_gss_inquire_sec_context_by_oid (OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
- const gss_OID desired_object,
- gss_buffer_set_t *data_set)
+ const gss_ctx_id_t context_handle,
+ const gss_OID desired_object,
+ gss_buffer_set_t *data_set)
{
krb5_gss_ctx_id_rec *ctx;
size_t i;
if (minor_status == NULL)
- return GSS_S_CALL_INACCESSIBLE_WRITE;
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
*minor_status = 0;
if (desired_object == GSS_C_NO_OID)
- return GSS_S_CALL_INACCESSIBLE_READ;
+ return GSS_S_CALL_INACCESSIBLE_READ;
if (data_set == NULL)
- return GSS_S_CALL_INACCESSIBLE_WRITE;
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
*data_set = GSS_C_NO_BUFFER_SET;
if (!kg_validate_ctx_id(context_handle))
- return GSS_S_NO_CONTEXT;
+ return GSS_S_NO_CONTEXT;
ctx = (krb5_gss_ctx_id_rec *) context_handle;
if (!ctx->established)
- return GSS_S_NO_CONTEXT;
+ return GSS_S_NO_CONTEXT;
for (i = 0; i < sizeof(krb5_gss_inquire_sec_context_by_oid_ops)/
- sizeof(krb5_gss_inquire_sec_context_by_oid_ops[0]); i++) {
- if (g_OID_prefix_equal(desired_object, &krb5_gss_inquire_sec_context_by_oid_ops[i].oid)) {
- return (*krb5_gss_inquire_sec_context_by_oid_ops[i].func)(minor_status,
- context_handle,
- desired_object,
- data_set);
- }
+ sizeof(krb5_gss_inquire_sec_context_by_oid_ops[0]); i++) {
+ if (g_OID_prefix_equal(desired_object, &krb5_gss_inquire_sec_context_by_oid_ops[i].oid)) {
+ return (*krb5_gss_inquire_sec_context_by_oid_ops[i].func)(minor_status,
+ context_handle,
+ desired_object,
+ data_set);
+ }
}
*minor_status = EINVAL;
- return GSS_S_UNAVAILABLE;
+ return GSS_S_UNAVAILABLE;
}
/*
@@ -396,46 +396,46 @@
static OM_uint32
krb5_gss_inquire_cred_by_oid(OM_uint32 *minor_status,
- const gss_cred_id_t cred_handle,
- const gss_OID desired_object,
- gss_buffer_set_t *data_set)
+ const gss_cred_id_t cred_handle,
+ const gss_OID desired_object,
+ gss_buffer_set_t *data_set)
{
OM_uint32 major_status = GSS_S_FAILURE;
krb5_gss_cred_id_t cred;
size_t i;
if (minor_status == NULL)
- return GSS_S_CALL_INACCESSIBLE_WRITE;
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
*minor_status = 0;
if (desired_object == GSS_C_NO_OID)
- return GSS_S_CALL_INACCESSIBLE_READ;
+ return GSS_S_CALL_INACCESSIBLE_READ;
if (data_set == NULL)
- return GSS_S_CALL_INACCESSIBLE_WRITE;
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
*data_set = GSS_C_NO_BUFFER_SET;
if (cred_handle == GSS_C_NO_CREDENTIAL) {
- *minor_status = (OM_uint32)KRB5_NOCREDS_SUPPLIED;
- return GSS_S_NO_CRED;
+ *minor_status = (OM_uint32)KRB5_NOCREDS_SUPPLIED;
+ return GSS_S_NO_CRED;
}
major_status = krb5_gss_validate_cred(minor_status, cred_handle);
if (GSS_ERROR(major_status))
- return major_status;
+ return major_status;
cred = (krb5_gss_cred_id_t) cred_handle;
#if 0
for (i = 0; i < sizeof(krb5_gss_inquire_cred_by_oid_ops)/
- sizeof(krb5_gss_inquire_cred_by_oid_ops[0]); i++) {
- if (g_OID_prefix_equal(desired_object, &krb5_gss_inquire_cred_by_oid_ops[i].oid)) {
- return (*krb5_gss_inquire_cred_by_oid_ops[i].func)(minor_status,
- cred_handle,
- desired_object,
- data_set);
- }
+ sizeof(krb5_gss_inquire_cred_by_oid_ops[0]); i++) {
+ if (g_OID_prefix_equal(desired_object, &krb5_gss_inquire_cred_by_oid_ops[i].oid)) {
+ return (*krb5_gss_inquire_cred_by_oid_ops[i].func)(minor_status,
+ cred_handle,
+ desired_object,
+ data_set);
+ }
}
#endif
@@ -457,50 +457,50 @@
static OM_uint32
krb5_gss_set_sec_context_option (OM_uint32 *minor_status,
- gss_ctx_id_t *context_handle,
- const gss_OID desired_object,
- const gss_buffer_t value)
+ gss_ctx_id_t *context_handle,
+ const gss_OID desired_object,
+ const gss_buffer_t value)
{
size_t i;
if (minor_status == NULL)
- return GSS_S_CALL_INACCESSIBLE_WRITE;
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
*minor_status = 0;
if (context_handle == NULL)
- return GSS_S_CALL_INACCESSIBLE_READ;
+ return GSS_S_CALL_INACCESSIBLE_READ;
if (desired_object == GSS_C_NO_OID)
- return GSS_S_CALL_INACCESSIBLE_READ;
+ return GSS_S_CALL_INACCESSIBLE_READ;
if (*context_handle != GSS_C_NO_CONTEXT) {
- krb5_gss_ctx_id_rec *ctx;
+ krb5_gss_ctx_id_rec *ctx;
- if (!kg_validate_ctx_id(*context_handle))
- return GSS_S_NO_CONTEXT;
+ if (!kg_validate_ctx_id(*context_handle))
+ return GSS_S_NO_CONTEXT;
- ctx = (krb5_gss_ctx_id_rec *) context_handle;
+ ctx = (krb5_gss_ctx_id_rec *) context_handle;
- if (!ctx->established)
- return GSS_S_NO_CONTEXT;
+ if (!ctx->established)
+ return GSS_S_NO_CONTEXT;
}
#if 0
for (i = 0; i < sizeof(krb5_gss_set_sec_context_option_ops)/
- sizeof(krb5_gss_set_sec_context_option_ops[0]); i++) {
- if (g_OID_prefix_equal(desired_object, &krb5_gss_set_sec_context_option_ops[i].oid)) {
- return (*krb5_gss_set_sec_context_option_ops[i].func)(minor_status,
- context_handle,
- desired_object,
- value);
- }
+ sizeof(krb5_gss_set_sec_context_option_ops[0]); i++) {
+ if (g_OID_prefix_equal(desired_object, &krb5_gss_set_sec_context_option_ops[i].oid)) {
+ return (*krb5_gss_set_sec_context_option_ops[i].func)(minor_status,
+ context_handle,
+ desired_object,
+ value);
+ }
}
#endif
*minor_status = EINVAL;
- return GSS_S_UNAVAILABLE;
+ return GSS_S_UNAVAILABLE;
}
/*
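Review bot: In `krb5_gss_set_sec_context_option`, `context_handle` is a `gss_ctx_id_t *`, yet the re-indented line `ctx = (krb5_gss_ctx_id_rec *) context_handle;` casts the pointer to the handle rather than the handle itself. The following `ctx->established` test therefore reads from the caller's handle variable, not from the context record that `kg_validate_ctx_id(*context_handle)` has just validated. The line should dereference first: `ctx = (krb5_gss_ctx_id_rec *) *context_handle;`. `krb5_gss_inquire_sec_context_by_oid` in the same file can cast directly only because it receives the handle by value. The commit changes only whitespace here, so the defect is older, but it is worth fixing while the line is being touched.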
@@ -511,53 +511,53 @@
OM_uint32 (*func)(OM_uint32 *, gss_cred_id_t, const gss_OID, const gss_buffer_t);
} krb5_gssspi_set_cred_option_ops[] = {
{
- {GSS_KRB5_COPY_CCACHE_OID_LENGTH, GSS_KRB5_COPY_CCACHE_OID},
- gss_krb5int_copy_ccache
+ {GSS_KRB5_COPY_CCACHE_OID_LENGTH, GSS_KRB5_COPY_CCACHE_OID},
+ gss_krb5int_copy_ccache
},
{
- {GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID_LENGTH, GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID},
- gss_krb5int_set_allowable_enctypes
+ {GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID_LENGTH, GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID},
+ gss_krb5int_set_allowable_enctypes
},
{
- {GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH, GSS_KRB5_SET_CRED_RCACHE_OID},
- gss_krb5int_set_cred_rcache
+ {GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH, GSS_KRB5_SET_CRED_RCACHE_OID},
+ gss_krb5int_set_cred_rcache
}
};
static OM_uint32
krb5_gssspi_set_cred_option(OM_uint32 *minor_status,
- gss_cred_id_t cred_handle,
- const gss_OID desired_object,
- const gss_buffer_t value)
+ gss_cred_id_t cred_handle,
+ const gss_OID desired_object,
+ const gss_buffer_t value)
{
OM_uint32 major_status = GSS_S_FAILURE;
size_t i;
if (minor_status == NULL)
- return GSS_S_CALL_INACCESSIBLE_WRITE;
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
*minor_status = 0;
if (cred_handle == GSS_C_NO_CREDENTIAL) {
- *minor_status = (OM_uint32)KRB5_NOCREDS_SUPPLIED;
- return GSS_S_NO_CRED;
+ *minor_status = (OM_uint32)KRB5_NOCREDS_SUPPLIED;
+ return GSS_S_NO_CRED;
}
if (desired_object == GSS_C_NO_OID)
- return GSS_S_CALL_INACCESSIBLE_READ;
+ return GSS_S_CALL_INACCESSIBLE_READ;
major_status = krb5_gss_validate_cred(minor_status, cred_handle);
if (GSS_ERROR(major_status))
- return major_status;
+ return major_status;
for (i = 0; i < sizeof(krb5_gssspi_set_cred_option_ops)/
- sizeof(krb5_gssspi_set_cred_option_ops[0]); i++) {
- if (g_OID_prefix_equal(desired_object, &krb5_gssspi_set_cred_option_ops[i].oid)) {
- return (*krb5_gssspi_set_cred_option_ops[i].func)(minor_status,
- cred_handle,
- desired_object,
- value);
- }
+ sizeof(krb5_gssspi_set_cred_option_ops[0]); i++) {
+ if (g_OID_prefix_equal(desired_object, &krb5_gssspi_set_cred_option_ops[i].oid)) {
+ return (*krb5_gssspi_set_cred_option_ops[i].func)(minor_status,
+ cred_handle,
+ desired_object,
+ value);
+ }
}
*minor_status = EINVAL;
@@ -573,50 +573,50 @@
OM_uint32 (*func)(OM_uint32 *, const gss_OID, const gss_OID, gss_buffer_t);
} krb5_gssspi_mech_invoke_ops[] = {
{
- {GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH, GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID},
- gss_krb5int_register_acceptor_identity
+ {GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH, GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID},
+ gss_krb5int_register_acceptor_identity
},
{
- {GSS_KRB5_CCACHE_NAME_OID_LENGTH, GSS_KRB5_CCACHE_NAME_OID},
- gss_krb5int_ccache_name
+ {GSS_KRB5_CCACHE_NAME_OID_LENGTH, GSS_KRB5_CCACHE_NAME_OID},
+ gss_krb5int_ccache_name
},
{
- {GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID},
- gss_krb5int_free_lucid_sec_context
+ {GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID},
+ gss_krb5int_free_lucid_sec_context
},
{
- {GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH, GSS_KRB5_USE_KDC_CONTEXT_OID},
- krb5int_gss_use_kdc_context
+ {GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH, GSS_KRB5_USE_KDC_CONTEXT_OID},
+ krb5int_gss_use_kdc_context
}
};
static OM_uint32
krb5_gssspi_mech_invoke (OM_uint32 *minor_status,
- const gss_OID desired_mech,
- const gss_OID desired_object,
- gss_buffer_t value)
+ const gss_OID desired_mech,
+ const gss_OID desired_object,
+ gss_buffer_t value)
{
size_t i;
if (minor_status == NULL)
- return GSS_S_CALL_INACCESSIBLE_WRITE;
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
*minor_status = 0;
if (desired_mech == GSS_C_NO_OID)
- return GSS_S_BAD_MECH;
+ return GSS_S_BAD_MECH;
if (desired_object == GSS_C_NO_OID)
- return GSS_S_CALL_INACCESSIBLE_READ;
+ return GSS_S_CALL_INACCESSIBLE_READ;
for (i = 0; i < sizeof(krb5_gssspi_mech_invoke_ops)/
- sizeof(krb5_gssspi_mech_invoke_ops[0]); i++) {
- if (g_OID_prefix_equal(desired_object, &krb5_gssspi_mech_invoke_ops[i].oid)) {
- return (*krb5_gssspi_mech_invoke_ops[i].func)(minor_status,
- desired_mech,
- desired_object,
- value);
- }
+ sizeof(krb5_gssspi_mech_invoke_ops[0]); i++) {
+ if (g_OID_prefix_equal(desired_object, &krb5_gssspi_mech_invoke_ops[i].oid)) {
+ return (*krb5_gssspi_mech_invoke_ops[i].func)(minor_status,
+ desired_mech,
+ desired_object,
+ value);
+ }
}
*minor_status = EINVAL;
@@ -626,7 +626,7 @@
static struct gss_config krb5_mechanism = {
{ GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID },
- NULL,
+ NULL,
krb5_gss_acquire_cred,
krb5_gss_release_cred,
krb5_gss_init_sec_context,
@@ -674,12 +674,12 @@
krb5_gss_set_sec_context_option,
krb5_gssspi_set_cred_option,
krb5_gssspi_mech_invoke,
- NULL, /* wrap_aead */
- NULL, /* unwrap_aead */
+ NULL, /* wrap_aead */
+ NULL, /* unwrap_aead */
krb5_gss_wrap_iov,
krb5_gss_unwrap_iov,
krb5_gss_wrap_iov_length,
- NULL, /* complete_auth_token */
+ NULL, /* complete_auth_token */
};
@@ -748,12 +748,12 @@
return err;
err = k5_mutex_finish_init(&kg_vdb.mutex);
if (err)
- return err;
+ return err;
#endif
#ifdef _GSS_STATIC_LINK
err = gss_krb5mechglue_init();
if (err)
- return err;
+ return err;
#endif
return 0;
@@ -797,4 +797,3 @@
return CALL_INIT_FUNCTION(gss_krb5int_lib_init);
#endif
}
-
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/gssapi_krb5.hin
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/gssapi_krb5.hin 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/gssapi_krb5.hin 2009-01-23 19:57:08 UTC (rev 21791)
@@ -269,14 +269,14 @@
OM_uint32 KRB5_CALLCONV
gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
- int ad_type,
- gss_buffer_t ad_data);
+ const gss_ctx_id_t context_handle,
+ int ad_type,
+ gss_buffer_t ad_data);
OM_uint32 KRB5_CALLCONV
gss_krb5_set_cred_rcache(OM_uint32 *minor_status,
- gss_cred_id_t cred,
- krb5_rcache rcache);
+ gss_cred_id_t cred,
+ krb5_rcache rcache);
OM_uint32 KRB5_CALLCONV
gsskrb5_extract_authtime_from_sec_context(OM_uint32 *, gss_ctx_id_t, krb5_timestamp *);
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/init_sec_context.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/init_sec_context.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/init_sec_context.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -341,35 +341,35 @@
/* build up the token */
if (ctx->gss_flags & GSS_C_DCE_STYLE) {
- /*
- * For DCE RPC, do not encapsulate the AP-REQ in the
- * typical GSS wrapping.
- */
- token->length = ap_req.length;
- token->value = ap_req.data;
+ /*
+ * For DCE RPC, do not encapsulate the AP-REQ in the
+ * typical GSS wrapping.
+ */
+ token->length = ap_req.length;
+ token->value = ap_req.data;
- ap_req.data = NULL; /* don't double free */
+ ap_req.data = NULL; /* don't double free */
} else {
- /* allocate space for the token */
- tlen = g_token_size((gss_OID) mech_type, ap_req.length);
+ /* allocate space for the token */
+ tlen = g_token_size((gss_OID) mech_type, ap_req.length);
- if ((t = (unsigned char *) xmalloc(tlen)) == NULL) {
- code = ENOMEM;
- goto cleanup;
- }
+ if ((t = (unsigned char *) xmalloc(tlen)) == NULL) {
+ code = ENOMEM;
+ goto cleanup;
+ }
- /* fill in the buffer */
- ptr = t;
+ /* fill in the buffer */
+ ptr = t;
- g_make_token_header(mech_type, ap_req.length,
- &ptr, KG_TOK_CTX_AP_REQ);
+ g_make_token_header(mech_type, ap_req.length,
+ &ptr, KG_TOK_CTX_AP_REQ);
- TWRITE_STR(ptr, (unsigned char *) ap_req.data, ap_req.length);
+ TWRITE_STR(ptr, (unsigned char *) ap_req.data, ap_req.length);
- /* pass it back */
+ /* pass it back */
- token->length = tlen;
- token->value = (void *) t;
+ token->length = tlen;
+ token->value = (void *) t;
}
code = 0;
@@ -462,14 +462,14 @@
GSS_C_TRANS_FLAG |
((req_flags) & (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG |
- GSS_C_DCE_STYLE | GSS_C_IDENTIFY_FLAG |
- GSS_C_EXTENDED_ERROR_FLAG)));
+ GSS_C_DCE_STYLE | GSS_C_IDENTIFY_FLAG |
+ GSS_C_EXTENDED_ERROR_FLAG)));
ctx->seed_init = 0;
ctx->big_endian = 0; /* all initiators do little-endian, as per spec */
ctx->seqstate = 0;
if (req_flags & GSS_C_DCE_STYLE)
- ctx->gss_flags |= GSS_C_MUTUAL_FLAG;
+ ctx->gss_flags |= GSS_C_MUTUAL_FLAG;
if ((code = krb5_timeofday(context, &now)))
goto fail;
@@ -528,16 +528,14 @@
&ctx->subkey);
}
- if (k_cred) {
- krb5_free_creds(context, k_cred);
- k_cred = NULL;
- }
+ krb5_free_creds(context, k_cred);
+ k_cred = NULL;
ctx->enc = NULL;
ctx->seq = NULL;
ctx->have_acceptor_subkey = 0;
code = kg_setup_keys(context, ctx, ctx->subkey, &ctx->cksumtype);
if (code != 0)
- goto fail;
+ goto fail;
/* at this point, the context is constructed and valid,
hence, releaseable */
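Review bot: The now-unconditional `krb5_free_creds(context, k_cred);` depends on krb5_free_creds() accepting a NULL pointer, which nothing in this hunk shows. The removed `if (k_cred)` guard protected any path that reaches this point with k_cred still NULL. Presumably the trunk merge also brings in a NULL-tolerant krb5_free_creds(), but that should be confirmed for this branch, because otherwise the free routine would dereference NULL. A one-line comment above the call, such as `/* krb5_free_creds() is a no-op on NULL */`, would record the dependency for the next reader. The enclosing function starts and ends outside the hunk.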
@@ -679,9 +677,9 @@
ptr = (unsigned char *) input_token->value;
if (ctx->gss_flags & GSS_C_DCE_STYLE) {
- /* Raw AP-REP */
- ap_rep.length = input_token->length;
- ap_rep.data = (char *)input_token->value;
+ /* Raw AP-REP */
+ ap_rep.length = input_token->length;
+ ap_rep.data = (char *)input_token->value;
} else if (g_verify_token_header(ctx->mech_used,
&(ap_rep.length),
&ptr, KG_TOK_CTX_AP_REP,
@@ -735,35 +733,35 @@
(ctx->gss_flags & GSS_C_SEQUENCE_FLAG) !=0, ctx->proto);
if (ap_rep_data->subkey != NULL &&
- (ctx->proto == 1 || (ctx->gss_flags & GSS_C_DCE_STYLE) ||
- ap_rep_data->subkey->enctype != ctx->subkey->enctype)) {
+ (ctx->proto == 1 || (ctx->gss_flags & GSS_C_DCE_STYLE) ||
+ ap_rep_data->subkey->enctype != ctx->subkey->enctype)) {
/* Keep acceptor's subkey. */
ctx->have_acceptor_subkey = 1;
code = krb5_copy_keyblock(context, ap_rep_data->subkey,
&ctx->acceptor_subkey);
if (code) {
- krb5_free_ap_rep_enc_part(context, ap_rep_data);
+ krb5_free_ap_rep_enc_part(context, ap_rep_data);
goto fail;
- }
- code = kg_setup_keys(context, ctx, ctx->acceptor_subkey,
- &ctx->acceptor_subkey_cksumtype);
- if (code) {
- krb5_free_ap_rep_enc_part(context, ap_rep_data);
- goto fail;
- }
+ }
+ code = kg_setup_keys(context, ctx, ctx->acceptor_subkey,
+ &ctx->acceptor_subkey_cksumtype);
+ if (code) {
+ krb5_free_ap_rep_enc_part(context, ap_rep_data);
+ goto fail;
+ }
}
/* free the ap_rep_data */
krb5_free_ap_rep_enc_part(context, ap_rep_data);
if (ctx->gss_flags & GSS_C_DCE_STYLE) {
- krb5_data outbuf;
+ krb5_data outbuf;
- code = krb5_mk_rep_dce(context, ctx->auth_context, &outbuf);
- if (code)
- goto fail;
+ code = krb5_mk_rep_dce(context, ctx->auth_context, &outbuf);
+ if (code)
+ goto fail;
- output_token->value = outbuf.data;
- output_token->length = outbuf.length;
+ output_token->value = outbuf.data;
+ output_token->length = outbuf.length;
}
/* set established */
@@ -988,9 +986,9 @@
#ifndef _WIN32
OM_uint32
krb5int_gss_use_kdc_context(OM_uint32 *minor_status,
- const gss_OID desired_mech,
- const gss_OID desired_object,
- gss_buffer_t value)
+ const gss_OID desired_mech,
+ const gss_OID desired_object,
+ gss_buffer_t value)
{
OM_uint32 err;
@@ -1001,7 +999,7 @@
return err;
*minor_status = k5_mutex_lock(&kg_kdc_flag_mutex);
if (*minor_status) {
- return GSS_S_FAILURE;
+ return GSS_S_FAILURE;
}
kdc_flag = 1;
k5_mutex_unlock(&kg_kdc_flag_mutex);
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/inq_context.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/inq_context.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/inq_context.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -211,33 +211,33 @@
major_status = generic_gss_add_buffer_set_member(minor_status, &keyvalue, data_set);
if (GSS_ERROR(major_status))
- goto cleanup;
+ goto cleanup;
oid.elements = oid_buf;
oid.length = sizeof(oid_buf);
major_status = generic_gss_oid_compose(minor_status,
- GSS_KRB5_SESSION_KEY_ENCTYPE_OID,
- GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH,
- key->enctype,
- &oid);
+ GSS_KRB5_SESSION_KEY_ENCTYPE_OID,
+ GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH,
+ key->enctype,
+ &oid);
if (GSS_ERROR(major_status))
- goto cleanup;
+ goto cleanup;
keyinfo.value = oid.elements;
keyinfo.length = oid.length;
major_status = generic_gss_add_buffer_set_member(minor_status, &keyinfo, data_set);
if (GSS_ERROR(major_status))
- goto cleanup;
+ goto cleanup;
return GSS_S_COMPLETE;
cleanup:
if (*data_set != GSS_C_NO_BUFFER_SET) {
- if ((*data_set)->count != 0)
- memset((*data_set)->elements[0].value, 0, (*data_set)->elements[0].length);
- gss_release_buffer_set(&minor, data_set);
+ if ((*data_set)->count != 0)
+ memset((*data_set)->elements[0].value, 0, (*data_set)->elements[0].length);
+ gss_release_buffer_set(&minor, data_set);
}
return major_status;
@@ -260,35 +260,35 @@
ctx = (krb5_gss_ctx_id_rec *) context_handle;
major_status = generic_gss_oid_decompose(minor_status,
- GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID,
- GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH,
- desired_object,
- &ad_type);
+ GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID,
+ GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH,
+ desired_object,
+ &ad_type);
if (major_status != GSS_S_COMPLETE || ad_type == 0) {
- *minor_status = ENOENT;
- return GSS_S_FAILURE;
+ *minor_status = ENOENT;
+ return GSS_S_FAILURE;
}
if (ctx->authdata != NULL) {
- for (i = 0; ctx->authdata[i] != NULL; i++) {
- if (ctx->authdata[i]->ad_type == ad_type) {
- gss_buffer_desc ad_data;
+ for (i = 0; ctx->authdata[i] != NULL; i++) {
+ if (ctx->authdata[i]->ad_type == ad_type) {
+ gss_buffer_desc ad_data;
- ad_data.length = ctx->authdata[i]->length;
- ad_data.value = ctx->authdata[i]->contents;
+ ad_data.length = ctx->authdata[i]->length;
+ ad_data.value = ctx->authdata[i]->contents;
- major_status = generic_gss_add_buffer_set_member(minor_status,
- &ad_data, data_set);
- if (GSS_ERROR(major_status))
- break;
- }
- }
+ major_status = generic_gss_add_buffer_set_member(minor_status,
+ &ad_data, data_set);
+ if (GSS_ERROR(major_status))
+ break;
+ }
+ }
}
if (GSS_ERROR(major_status)) {
- OM_uint32 tmp;
+ OM_uint32 tmp;
- generic_gss_release_buffer_set(&tmp, data_set);
+ generic_gss_release_buffer_set(&tmp, data_set);
}
return major_status;
@@ -296,7 +296,7 @@
OM_uint32
gss_krb5int_extract_authtime_from_sec_context(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
+ const gss_ctx_id_t context_handle,
const gss_OID desired_oid,
gss_buffer_set_t *data_set)
{
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/k5seal.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/k5seal.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/k5seal.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -247,7 +247,7 @@
/* create the seq_num */
if ((code = kg_make_seq_num(context, seq, direction?0:0xff,
- (krb5_ui_4)*seqnum, ptr+14, ptr+6))) {
+ (krb5_ui_4)*seqnum, ptr+14, ptr+6))) {
xfree (plain);
xfree(t);
return(code);
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/k5sealiov.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/k5sealiov.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/k5sealiov.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -28,19 +28,19 @@
*/
#include <assert.h>
-#include "k5-platform.h" /* for 64-bit support */
-#include "k5-int.h" /* for zap() */
+#include "k5-platform.h" /* for 64-bit support */
+#include "k5-int.h" /* for zap() */
#include "gssapiP_krb5.h"
#include <stdarg.h>
static krb5_error_code
make_seal_token_v1_iov(krb5_context context,
- krb5_gss_ctx_id_rec *ctx,
- int conf_req_flag,
- int *conf_state,
- gss_iov_buffer_desc *iov,
- int iov_count,
- int toktype)
+ krb5_gss_ctx_id_rec *ctx,
+ int conf_req_flag,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ int toktype)
{
krb5_error_code code = 0;
gss_iov_buffer_t header;
@@ -61,58 +61,58 @@
header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
if (header == NULL)
- return EINVAL;
+ return EINVAL;
padding = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
if (padding == NULL && (ctx->gss_flags & GSS_C_DCE_STYLE) == 0)
- return EINVAL;
+ return EINVAL;
trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
if (trailer != NULL)
- trailer->buffer.length = 0;
+ trailer->buffer.length = 0;
/* Determine confounder length */
if (toktype == KG_TOK_WRAP_MSG || conf_req_flag)
- k5_headerlen = kg_confounder_size(context, ctx->enc);
+ k5_headerlen = kg_confounder_size(context, ctx->enc);
/* Check padding length */
if (toktype == KG_TOK_WRAP_MSG) {
- size_t k5_padlen = (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) ? 1 : 8;
- size_t gss_padlen;
- size_t conf_data_length;
+ size_t k5_padlen = (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) ? 1 : 8;
+ size_t gss_padlen;
+ size_t conf_data_length;
- kg_iov_msglen(iov, iov_count, &data_length, &assoc_data_length);
- conf_data_length = k5_headerlen + data_length - assoc_data_length;
+ kg_iov_msglen(iov, iov_count, &data_length, &assoc_data_length);
+ conf_data_length = k5_headerlen + data_length - assoc_data_length;
- if (k5_padlen == 1)
- gss_padlen = 1; /* one byte to indicate one byte of padding */
- else
- gss_padlen = k5_padlen - (conf_data_length % k5_padlen);
+ if (k5_padlen == 1)
+ gss_padlen = 1; /* one byte to indicate one byte of padding */
+ else
+ gss_padlen = k5_padlen - (conf_data_length % k5_padlen);
- if (ctx->gss_flags & GSS_C_DCE_STYLE) {
- /* DCE will pad the actual data itself; padding buffer optional and will be zeroed */
- gss_padlen = 0;
+ if (ctx->gss_flags & GSS_C_DCE_STYLE) {
+ /* DCE will pad the actual data itself; padding buffer optional and will be zeroed */
+ gss_padlen = 0;
- if (conf_data_length % k5_padlen)
- code = KRB5_BAD_MSIZE;
- } else if (padding->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) {
- code = kg_allocate_iov(padding, gss_padlen);
- } else if (padding->buffer.length < gss_padlen) {
- code = KRB5_BAD_MSIZE;
- }
- if (code != 0)
- goto cleanup;
+ if (conf_data_length % k5_padlen)
+ code = KRB5_BAD_MSIZE;
+ } else if (padding->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) {
+ code = kg_allocate_iov(padding, gss_padlen);
+ } else if (padding->buffer.length < gss_padlen) {
+ code = KRB5_BAD_MSIZE;
+ }
+ if (code != 0)
+ goto cleanup;
- /* Initialize padding buffer to pad itself */
- if (padding != NULL) {
- padding->buffer.length = gss_padlen;
- memset(padding->buffer.value, (int)gss_padlen, gss_padlen);
- }
+ /* Initialize padding buffer to pad itself */
+ if (padding != NULL) {
+ padding->buffer.length = gss_padlen;
+ memset(padding->buffer.value, (int)gss_padlen, gss_padlen);
+ }
- if (ctx->gss_flags & GSS_C_DCE_STYLE)
- tmsglen = k5_headerlen; /* confounder length */
- else
- tmsglen = conf_data_length + padding->buffer.length;
+ if (ctx->gss_flags & GSS_C_DCE_STYLE)
+ tmsglen = k5_headerlen; /* confounder length */
+ else
+ tmsglen = conf_data_length + padding->buffer.length;
}
/* Determine token size */
@@ -121,11 +121,11 @@
k5_headerlen += tlen - tmsglen;
if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
- code = kg_allocate_iov(header, k5_headerlen);
+ code = kg_allocate_iov(header, k5_headerlen);
else if (header->buffer.length < k5_headerlen)
- code = KRB5_BAD_MSIZE;
+ code = KRB5_BAD_MSIZE;
if (code != 0)
- goto cleanup;
+ goto cleanup;
header->buffer.length = k5_headerlen;
@@ -138,12 +138,12 @@
/* 2..3 SEAL_ALG or Filler */
if (toktype == KG_TOK_WRAP_MSG && conf_req_flag) {
- ptr[2] = (ctx->sealalg ) & 0xFF;
- ptr[3] = (ctx->sealalg >> 8) & 0xFF;
+ ptr[2] = (ctx->sealalg ) & 0xFF;
+ ptr[3] = (ctx->sealalg >> 8) & 0xFF;
} else {
- /* No seal */
- ptr[2] = 0xFF;
- ptr[3] = 0xFF;
+ /* No seal */
+ ptr[2] = 0xFF;
+ ptr[3] = 0xFF;
}
/* 4..5 Filler */
@@ -156,103 +156,103 @@
switch (ctx->signalg) {
case SGN_ALG_DES_MAC_MD5:
case SGN_ALG_MD2_5:
- md5cksum.checksum_type = CKSUMTYPE_RSA_MD5;
- break;
+ md5cksum.checksum_type = CKSUMTYPE_RSA_MD5;
+ break;
case SGN_ALG_HMAC_SHA1_DES3_KD:
- md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3;
- break;
+ md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3;
+ break;
case SGN_ALG_HMAC_MD5:
- md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR;
- if (toktype != KG_TOK_WRAP_MSG)
- sign_usage = 15;
- break;
+ md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR;
+ if (toktype != KG_TOK_WRAP_MSG)
+ sign_usage = 15;
+ break;
default:
case SGN_ALG_DES_MAC:
- abort ();
+ abort ();
}
code = krb5_c_checksum_length(context, md5cksum.checksum_type, &k5_trailerlen);
if (code != 0)
- goto cleanup;
+ goto cleanup;
md5cksum.length = k5_trailerlen;
if (k5_headerlen != 0) {
- code = kg_make_confounder(context, ctx->enc, ptr + 14 + ctx->cksum_size);
- if (code != 0)
- goto cleanup;
+ code = kg_make_confounder(context, ctx->enc, ptr + 14 + ctx->cksum_size);
+ if (code != 0)
+ goto cleanup;
}
/* compute the checksum */
code = kg_make_checksum_iov_v1(context, md5cksum.checksum_type,
- ctx->cksum_size, ctx->seq, ctx->enc,
- sign_usage, iov, iov_count, toktype,
- &md5cksum);
+ ctx->cksum_size, ctx->seq, ctx->enc,
+ sign_usage, iov, iov_count, toktype,
+ &md5cksum);
if (code != 0)
- goto cleanup;
+ goto cleanup;
switch (ctx->signalg) {
case SGN_ALG_DES_MAC_MD5:
case SGN_ALG_3:
- code = kg_encrypt(context, ctx->seq, KG_USAGE_SEAL,
- (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ?
- ctx->seq->contents : NULL),
- md5cksum.contents, md5cksum.contents, 16);
- if (code != 0)
- goto cleanup;
+ code = kg_encrypt(context, ctx->seq, KG_USAGE_SEAL,
+ (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ?
+ ctx->seq->contents : NULL),
+ md5cksum.contents, md5cksum.contents, 16);
+ if (code != 0)
+ goto cleanup;
- cksum.length = ctx->cksum_size;
- cksum.contents = md5cksum.contents + 16 - cksum.length;
+ cksum.length = ctx->cksum_size;
+ cksum.contents = md5cksum.contents + 16 - cksum.length;
- memcpy(ptr + 14, cksum.contents, cksum.length);
- break;
+ memcpy(ptr + 14, cksum.contents, cksum.length);
+ break;
case SGN_ALG_HMAC_SHA1_DES3_KD:
- assert(md5cksum.length == ctx->cksum_size);
- memcpy(ptr + 14, md5cksum.contents, md5cksum.length);
- break;
+ assert(md5cksum.length == ctx->cksum_size);
+ memcpy(ptr + 14, md5cksum.contents, md5cksum.length);
+ break;
case SGN_ALG_HMAC_MD5:
- memcpy(ptr + 14, md5cksum.contents, ctx->cksum_size);
- break;
+ memcpy(ptr + 14, md5cksum.contents, ctx->cksum_size);
+ break;
}
/* create the seq_num */
code = kg_make_seq_num(context, ctx->seq, ctx->initiate ? 0 : 0xFF,
- (OM_uint32)ctx->seq_send, ptr + 14, ptr + 6);
+ (OM_uint32)ctx->seq_send, ptr + 14, ptr + 6);
if (code != 0)
- goto cleanup;
+ goto cleanup;
if (conf_req_flag) {
- if (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) {
- unsigned char bigend_seqnum[4];
- krb5_keyblock *enc_key;
- size_t i;
+ if (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) {
+ unsigned char bigend_seqnum[4];
+ krb5_keyblock *enc_key;
+ size_t i;
- bigend_seqnum[0] = (ctx->seq_send >> 24) & 0xFF;
- bigend_seqnum[1] = (ctx->seq_send >> 16) & 0xFF;
- bigend_seqnum[2] = (ctx->seq_send >> 8 ) & 0xFF;
- bigend_seqnum[3] = (ctx->seq_send ) & 0xFF;
+ bigend_seqnum[0] = (ctx->seq_send >> 24) & 0xFF;
+ bigend_seqnum[1] = (ctx->seq_send >> 16) & 0xFF;
+ bigend_seqnum[2] = (ctx->seq_send >> 8 ) & 0xFF;
+ bigend_seqnum[3] = (ctx->seq_send ) & 0xFF;
- code = krb5_copy_keyblock(context, ctx->enc, &enc_key);
- if (code != 0)
- goto cleanup;
+ code = krb5_copy_keyblock(context, ctx->enc, &enc_key);
+ if (code != 0)
+ goto cleanup;
- assert(enc_key->length == 16);
+ assert(enc_key->length == 16);
- for (i = 0; i < enc_key->length; i++)
- ((char *)enc_key->contents)[i] ^= 0xF0;
+ for (i = 0; i < enc_key->length; i++)
+ ((char *)enc_key->contents)[i] ^= 0xF0;
- code = kg_arcfour_docrypt_iov(context, enc_key, 0,
- bigend_seqnum, 4,
- iov, iov_count);
- krb5_free_keyblock(context, enc_key);
- } else {
- code = kg_encrypt_iov(context, ctx->proto,
- ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0),
- 0 /*EC*/, 0 /*RRC*/,
- ctx->enc, KG_USAGE_SEAL, NULL,
- iov, iov_count);
- }
- if (code != 0)
- goto cleanup;
+ code = kg_arcfour_docrypt_iov(context, enc_key, 0,
+ bigend_seqnum, 4,
+ iov, iov_count);
+ krb5_free_keyblock(context, enc_key);
+ } else {
+ code = kg_encrypt_iov(context, ctx->proto,
+ ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0),
+ 0 /*EC*/, 0 /*RRC*/,
+ ctx->enc, KG_USAGE_SEAL, NULL,
+ iov, iov_count);
+ }
+ if (code != 0)
+ goto cleanup;
}
ctx->seq_send++;
@@ -261,11 +261,11 @@
code = 0;
if (conf_state != NULL)
- *conf_state = conf_req_flag;
+ *conf_state = conf_req_flag;
cleanup:
if (code != 0)
- kg_release_iov(iov, iov_count);
+ kg_release_iov(iov, iov_count);
krb5_free_checksum_contents(context, &md5cksum);
return code;
@@ -273,13 +273,13 @@
OM_uint32
kg_seal_iov(OM_uint32 *minor_status,
- gss_ctx_id_t context_handle,
- int conf_req_flag,
- gss_qop_t qop_req,
- int *conf_state,
- gss_iov_buffer_desc *iov,
- int iov_count,
- int toktype)
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ int toktype)
{
krb5_gss_ctx_id_rec *ctx;
krb5_error_code code;
@@ -287,52 +287,52 @@
krb5_context context;
if (qop_req != 0) {
- *minor_status = (OM_uint32)G_UNKNOWN_QOP;
- return GSS_S_FAILURE;
+ *minor_status = (OM_uint32)G_UNKNOWN_QOP;
+ return GSS_S_FAILURE;
}
if (!kg_validate_ctx_id(context_handle)) {
- *minor_status = (OM_uint32)G_VALIDATE_FAILED;
- return GSS_S_NO_CONTEXT;
+ *minor_status = (OM_uint32)G_VALIDATE_FAILED;
+ return GSS_S_NO_CONTEXT;
}
ctx = (krb5_gss_ctx_id_rec *)context_handle;
if (!ctx->established) {
- *minor_status = KG_CTX_INCOMPLETE;
- return GSS_S_NO_CONTEXT;
+ *minor_status = KG_CTX_INCOMPLETE;
+ return GSS_S_NO_CONTEXT;
}
context = ctx->k5_context;
code = krb5_timeofday(context, &now);
if (code != 0) {
- *minor_status = code;
- save_error_info(*minor_status, context);
- return GSS_S_FAILURE;
+ *minor_status = code;
+ save_error_info(*minor_status, context);
+ return GSS_S_FAILURE;
}
if (conf_req_flag && kg_integ_only_iov(iov, iov_count)) {
- /* may be more sensible to return an error here */
- conf_req_flag = FALSE;
+ /* may be more sensible to return an error here */
+ conf_req_flag = FALSE;
}
switch (ctx->proto) {
case 0:
- code = make_seal_token_v1_iov(context, ctx, conf_req_flag,
- conf_state, iov, iov_count, toktype);
- break;
+ code = make_seal_token_v1_iov(context, ctx, conf_req_flag,
+ conf_state, iov, iov_count, toktype);
+ break;
case 1:
- code = gss_krb5int_make_seal_token_v3_iov(context, ctx, conf_req_flag,
- conf_state, iov, iov_count, toktype);
- break;
+ code = gss_krb5int_make_seal_token_v3_iov(context, ctx, conf_req_flag,
+ conf_state, iov, iov_count, toktype);
+ break;
default:
- code = G_UNKNOWN_QOP;
- break;
+ code = G_UNKNOWN_QOP;
+ break;
}
if (code != 0) {
- *minor_status = code;
- save_error_info(*minor_status, context);
- return GSS_S_FAILURE;
+ *minor_status = code;
+ save_error_info(*minor_status, context);
+ return GSS_S_FAILURE;
}
*minor_status = 0;
@@ -340,18 +340,18 @@
return (ctx->krb_times.endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
}
-#define INIT_IOV_DATA(_iov) do { (_iov)->buffer.value = NULL; \
- (_iov)->buffer.length = 0; } \
- while (0)
+#define INIT_IOV_DATA(_iov) do { (_iov)->buffer.value = NULL; \
+ (_iov)->buffer.length = 0; } \
+ while (0)
OM_uint32
kg_seal_iov_length(OM_uint32 *minor_status,
- gss_ctx_id_t context_handle,
- int conf_req_flag,
- gss_qop_t qop_req,
- int *conf_state,
- gss_iov_buffer_desc *iov,
- int iov_count)
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count)
{
krb5_gss_ctx_id_rec *ctx;
gss_iov_buffer_t header, trailer, padding;
@@ -363,31 +363,31 @@
int dce_style;
if (qop_req != GSS_C_QOP_DEFAULT) {
- *minor_status = (OM_uint32)G_UNKNOWN_QOP;
- return GSS_S_FAILURE;
+ *minor_status = (OM_uint32)G_UNKNOWN_QOP;
+ return GSS_S_FAILURE;
}
if (!kg_validate_ctx_id(context_handle)) {
- *minor_status = (OM_uint32)G_VALIDATE_FAILED;
- return GSS_S_NO_CONTEXT;
+ *minor_status = (OM_uint32)G_VALIDATE_FAILED;
+ return GSS_S_NO_CONTEXT;
}
ctx = (krb5_gss_ctx_id_rec *)context_handle;
if (!ctx->established) {
- *minor_status = KG_CTX_INCOMPLETE;
- return GSS_S_NO_CONTEXT;
+ *minor_status = KG_CTX_INCOMPLETE;
+ return GSS_S_NO_CONTEXT;
}
header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
if (header == NULL) {
- *minor_status = EINVAL;
- return GSS_S_FAILURE;
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
}
INIT_IOV_DATA(header);
trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
if (trailer != NULL) {
- INIT_IOV_DATA(trailer);
+ INIT_IOV_DATA(trailer);
}
dce_style = ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0);
@@ -395,123 +395,122 @@
/* For CFX, EC is used instead of padding, and is placed in header or trailer */
padding = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
if (padding == NULL) {
- if (conf_req_flag && ctx->proto == 0 && !dce_style) {
- *minor_status = EINVAL;
- return GSS_S_FAILURE;
- }
+ if (conf_req_flag && ctx->proto == 0 && !dce_style) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
} else {
- INIT_IOV_DATA(padding);
+ INIT_IOV_DATA(padding);
}
kg_iov_msglen(iov, iov_count, &data_length, &assoc_data_length);
if (conf_req_flag && kg_integ_only_iov(iov, iov_count))
- conf_req_flag = FALSE;
+ conf_req_flag = FALSE;
context = ctx->k5_context;
gss_headerlen = gss_padlen = gss_trailerlen = 0;
if (ctx->proto == 1) {
- krb5_enctype enctype;
- size_t ec;
+ krb5_enctype enctype;
+ size_t ec;
- if (ctx->have_acceptor_subkey)
- enctype = ctx->acceptor_subkey->enctype;
- else
- enctype = ctx->subkey->enctype;
+ if (ctx->have_acceptor_subkey)
+ enctype = ctx->acceptor_subkey->enctype;
+ else
+ enctype = ctx->subkey->enctype;
- code = krb5_c_crypto_length(context, enctype,
- conf_req_flag ?
- KRB5_CRYPTO_TYPE_TRAILER : KRB5_CRYPTO_TYPE_CHECKSUM,
- &k5_trailerlen);
- if (code != 0) {
- *minor_status = code;
- return GSS_S_FAILURE;
- }
+ code = krb5_c_crypto_length(context, enctype,
+ conf_req_flag ?
+ KRB5_CRYPTO_TYPE_TRAILER : KRB5_CRYPTO_TYPE_CHECKSUM,
+ &k5_trailerlen);
+ if (code != 0) {
+ *minor_status = code;
+ return GSS_S_FAILURE;
+ }
- if (conf_req_flag) {
- code = krb5_c_crypto_length(context, enctype, KRB5_CRYPTO_TYPE_HEADER, &k5_headerlen);
- if (code != 0) {
- *minor_status = code;
- return GSS_S_FAILURE;
- }
- }
+ if (conf_req_flag) {
+ code = krb5_c_crypto_length(context, enctype, KRB5_CRYPTO_TYPE_HEADER, &k5_headerlen);
+ if (code != 0) {
+ *minor_status = code;
+ return GSS_S_FAILURE;
+ }
+ }
- gss_headerlen = 16; /* Header */
- if (conf_req_flag) {
- gss_headerlen += k5_headerlen; /* Kerb-Header */
- gss_trailerlen = 16 /* E(Header) */ + k5_trailerlen; /* Kerb-Trailer */
+ gss_headerlen = 16; /* Header */
+ if (conf_req_flag) {
+ gss_headerlen += k5_headerlen; /* Kerb-Header */
+ gss_trailerlen = 16 /* E(Header) */ + k5_trailerlen; /* Kerb-Trailer */
- code = krb5_c_padding_length(context, enctype,
- data_length - assoc_data_length + 16 /* E(Header) */, &k5_padlen);
- if (code != 0) {
- *minor_status = code;
- return GSS_S_FAILURE;
- }
-
- if (k5_padlen == 0 && dce_style) {
- /* Windows rejects AEAD tokens with non-zero EC */
- code = krb5_c_block_size(context, enctype, &ec);
- if (code != 0) {
- *minor_status = code;
- return GSS_S_FAILURE;
- }
- } else
- ec = k5_padlen;
+ code = krb5_c_padding_length(context, enctype,
+ data_length - assoc_data_length + 16 /* E(Header) */, &k5_padlen);
+ if (code != 0) {
+ *minor_status = code;
+ return GSS_S_FAILURE;
+ }
- gss_trailerlen += ec;
- } else {
- gss_trailerlen = k5_trailerlen; /* Kerb-Checksum */
- }
+ if (k5_padlen == 0 && dce_style) {
+ /* Windows rejects AEAD tokens with non-zero EC */
+ code = krb5_c_block_size(context, enctype, &ec);
+ if (code != 0) {
+ *minor_status = code;
+ return GSS_S_FAILURE;
+ }
+ } else
+ ec = k5_padlen;
+
+ gss_trailerlen += ec;
+ } else {
+ gss_trailerlen = k5_trailerlen; /* Kerb-Checksum */
+ }
} else if (!dce_style) {
- k5_padlen = (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) ? 1 : 8;
+ k5_padlen = (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) ? 1 : 8;
- if (k5_padlen == 1)
- gss_padlen = 1;
- else
- gss_padlen = k5_padlen - ((data_length - assoc_data_length) % k5_padlen);
+ if (k5_padlen == 1)
+ gss_padlen = 1;
+ else
+ gss_padlen = k5_padlen - ((data_length - assoc_data_length) % k5_padlen);
}
data_length += gss_padlen;
if (ctx->proto == 0) {
- /* Header | Checksum | Confounder | Data | Pad */
- size_t data_size;
+ /* Header | Checksum | Confounder | Data | Pad */
+ size_t data_size;
- k5_headerlen = kg_confounder_size(context, ctx->enc);
+ k5_headerlen = kg_confounder_size(context, ctx->enc);
- data_size = 14 /* Header */ + ctx->cksum_size + k5_headerlen;
+ data_size = 14 /* Header */ + ctx->cksum_size + k5_headerlen;
- if (!dce_style)
- data_size += data_length;
+ if (!dce_style)
+ data_size += data_length;
- gss_headerlen = g_token_size(ctx->mech_used, data_size);
+ gss_headerlen = g_token_size(ctx->mech_used, data_size);
- /* g_token_size() will include data_size as well as the overhead, so
- * subtract data_length just to get the overhead (ie. token size) */
- if (!dce_style)
- gss_headerlen -= data_length;
+ /* g_token_size() will include data_size as well as the overhead, so
+ * subtract data_length just to get the overhead (ie. token size) */
+ if (!dce_style)
+ gss_headerlen -= data_length;
}
if (minor_status != NULL)
- *minor_status = 0;
+ *minor_status = 0;
if (trailer == NULL)
- gss_headerlen += gss_trailerlen;
+ gss_headerlen += gss_trailerlen;
else
- trailer->buffer.length = gss_trailerlen;
+ trailer->buffer.length = gss_trailerlen;
assert(gss_padlen == 0 || padding != NULL);
if (padding != NULL)
- padding->buffer.length = gss_padlen;
+ padding->buffer.length = gss_padlen;
header->buffer.length = gss_headerlen;
if (conf_state != NULL)
- *conf_state = conf_req_flag;
+ *conf_state = conf_req_flag;
return GSS_S_COMPLETE;
}
-
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/k5sealv3.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/k5sealv3.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/k5sealv3.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -96,10 +96,10 @@
: KG_USAGE_ACCEPTOR_SIGN));
if (ctx->have_acceptor_subkey) {
key = ctx->acceptor_subkey;
- cksumtype = ctx->acceptor_subkey_cksumtype;
+ cksumtype = ctx->acceptor_subkey_cksumtype;
} else {
key = ctx->subkey;
- cksumtype = ctx->cksumtype;
+ cksumtype = ctx->cksumtype;
}
assert(key != NULL);
@@ -184,7 +184,7 @@
#endif
} else if (toktype == KG_TOK_WRAP_MSG && !conf_req_flag) {
krb5_data plain;
- size_t cksumsize;
+ size_t cksumsize;
/* Here, message is the application-supplied data; message2 is
what goes into the output token. They may be the same, or
@@ -198,11 +198,11 @@
if (plain.data == NULL)
return ENOMEM;
- err = krb5_c_checksum_length(context, cksumtype, &cksumsize);
- if (err)
- goto error;
+ err = krb5_c_checksum_length(context, cksumtype, &cksumsize);
+ if (err)
+ goto error;
- assert(cksumsize <= 0xffff);
+ assert(cksumsize <= 0xffff);
bufsize = 16 + message2->length + cksumsize;
outbuf = malloc(bufsize);
@@ -321,7 +321,7 @@
krb5_cksumtype cksumtype;
if (ctx->big_endian != 0)
- goto defective;
+ goto defective;
if (qop_state)
*qop_state = GSS_C_QOP_DEFAULT;
@@ -367,10 +367,10 @@
value in that case, though, so we can just ignore the flag. */
if (ctx->have_acceptor_subkey && (ptr[2] & FLAG_ACCEPTOR_SUBKEY)) {
key = ctx->acceptor_subkey;
- cksumtype = ctx->acceptor_subkey_cksumtype;
+ cksumtype = ctx->acceptor_subkey_cksumtype;
} else {
key = ctx->subkey;
- cksumtype = ctx->cksumtype;
+ cksumtype = ctx->cksumtype;
}
assert(key != NULL);
@@ -429,11 +429,11 @@
message_buffer->value = NULL;
}
} else {
- size_t cksumsize;
+ size_t cksumsize;
- err = krb5_c_checksum_length(context, cksumtype, &cksumsize);
- if (err)
- goto error;
+ err = krb5_c_checksum_length(context, cksumtype, &cksumsize);
+ if (err)
+ goto error;
/* no confidentiality */
if (conf_state)
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/k5sealv3iov.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/k5sealv3iov.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/k5sealv3iov.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -28,19 +28,19 @@
*/
#include <assert.h>
-#include "k5-platform.h" /* for 64-bit support */
-#include "k5-int.h" /* for zap() */
+#include "k5-platform.h" /* for 64-bit support */
+#include "k5-int.h" /* for zap() */
#include "gssapiP_krb5.h"
#include <stdarg.h>
krb5_error_code
gss_krb5int_make_seal_token_v3_iov(krb5_context context,
- krb5_gss_ctx_id_rec *ctx,
- int conf_req_flag,
- int *conf_state,
- gss_iov_buffer_desc *iov,
- int iov_count,
- int toktype)
+ krb5_gss_ctx_id_rec *ctx,
+ int conf_req_flag,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ int toktype)
{
krb5_error_code code = 0;
gss_iov_buffer_t header;
@@ -62,18 +62,18 @@
acceptor_flag = ctx->initiate ? 0 : FLAG_SENDER_IS_ACCEPTOR;
key_usage = (toktype == KG_TOK_WRAP_MSG
- ? (ctx->initiate
- ? KG_USAGE_INITIATOR_SEAL
- : KG_USAGE_ACCEPTOR_SEAL)
- : (ctx->initiate
- ? KG_USAGE_INITIATOR_SIGN
- : KG_USAGE_ACCEPTOR_SIGN));
+ ? (ctx->initiate
+ ? KG_USAGE_INITIATOR_SEAL
+ : KG_USAGE_ACCEPTOR_SEAL)
+ : (ctx->initiate
+ ? KG_USAGE_INITIATOR_SIGN
+ : KG_USAGE_ACCEPTOR_SIGN));
if (ctx->have_acceptor_subkey) {
- key = ctx->acceptor_subkey;
- cksumtype = ctx->acceptor_subkey_cksumtype;
+ key = ctx->acceptor_subkey;
+ cksumtype = ctx->acceptor_subkey_cksumtype;
} else {
- key = ctx->subkey;
- cksumtype = ctx->cksumtype;
+ key = ctx->subkey;
+ cksumtype = ctx->cksumtype;
}
assert(key != NULL);
assert(cksumtype != 0);
@@ -82,205 +82,205 @@
header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
if (header == NULL)
- return EINVAL;
+ return EINVAL;
padding = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
if (padding != NULL)
- padding->buffer.length = 0;
+ padding->buffer.length = 0;
trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
outbuf = (unsigned char *)header->buffer.value;
if (toktype == KG_TOK_WRAP_MSG && conf_req_flag) {
- unsigned int k5_headerlen, k5_trailerlen, k5_padlen;
- size_t ec = 0;
- size_t conf_data_length = data_length - assoc_data_length;
+ unsigned int k5_headerlen, k5_trailerlen, k5_padlen;
+ size_t ec = 0;
+ size_t conf_data_length = data_length - assoc_data_length;
- code = krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_HEADER, &k5_headerlen);
- if (code != 0)
- goto cleanup;
+ code = krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_HEADER, &k5_headerlen);
+ if (code != 0)
+ goto cleanup;
- code = krb5_c_padding_length(context, key->enctype,
- conf_data_length + 16 /* E(Header) */, &k5_padlen);
- if (code != 0)
- goto cleanup;
+ code = krb5_c_padding_length(context, key->enctype,
+ conf_data_length + 16 /* E(Header) */, &k5_padlen);
+ if (code != 0)
+ goto cleanup;
- if (k5_padlen == 0 && (ctx->gss_flags & GSS_C_DCE_STYLE)) {
- /* Windows rejects AEAD tokens with non-zero EC */
- code = krb5_c_block_size(context, key->enctype, &ec);
- if (code != 0)
- goto cleanup;
- } else
- ec = k5_padlen;
+ if (k5_padlen == 0 && (ctx->gss_flags & GSS_C_DCE_STYLE)) {
+ /* Windows rejects AEAD tokens with non-zero EC */
+ code = krb5_c_block_size(context, key->enctype, &ec);
+ if (code != 0)
+ goto cleanup;
+ } else
+ ec = k5_padlen;
- code = krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_TRAILER, &k5_trailerlen);
- if (code != 0)
- goto cleanup;
+ code = krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_TRAILER, &k5_trailerlen);
+ if (code != 0)
+ goto cleanup;
- gss_headerlen = 16 /* Header */ + k5_headerlen;
- gss_trailerlen = ec + 16 /* E(Header) */ + k5_trailerlen;
+ gss_headerlen = 16 /* Header */ + k5_headerlen;
+ gss_trailerlen = ec + 16 /* E(Header) */ + k5_trailerlen;
- if (trailer == NULL) {
- rrc = gss_trailerlen;
- /* Workaround for Windows bug where it rotates by EC + RRC */
- if (ctx->gss_flags & GSS_C_DCE_STYLE)
- rrc -= ec;
- gss_headerlen += gss_trailerlen;
- }
+ if (trailer == NULL) {
+ rrc = gss_trailerlen;
+ /* Workaround for Windows bug where it rotates by EC + RRC */
+ if (ctx->gss_flags & GSS_C_DCE_STYLE)
+ rrc -= ec;
+ gss_headerlen += gss_trailerlen;
+ }
- if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
- code = kg_allocate_iov(header, gss_headerlen);
- else if (header->buffer.length < gss_headerlen)
- code = KRB5_BAD_MSIZE;
- if (code != 0)
- goto cleanup;
- header->buffer.length = gss_headerlen;
+ if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
+ code = kg_allocate_iov(header, gss_headerlen);
+ else if (header->buffer.length < gss_headerlen)
+ code = KRB5_BAD_MSIZE;
+ if (code != 0)
+ goto cleanup;
+ header->buffer.length = gss_headerlen;
- if (trailer != NULL) {
- if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
- code = kg_allocate_iov(trailer, gss_trailerlen);
- else if (trailer->buffer.length < gss_trailerlen)
- code = KRB5_BAD_MSIZE;
- if (code != 0)
- goto cleanup;
- trailer->buffer.length = gss_trailerlen;
- }
+ if (trailer != NULL) {
+ if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
+ code = kg_allocate_iov(trailer, gss_trailerlen);
+ else if (trailer->buffer.length < gss_trailerlen)
+ code = KRB5_BAD_MSIZE;
+ if (code != 0)
+ goto cleanup;
+ trailer->buffer.length = gss_trailerlen;
+ }
- /* TOK_ID */
- store_16_be(KG2_TOK_WRAP_MSG, outbuf);
- /* flags */
- outbuf[2] = (acceptor_flag
- | (conf_req_flag ? FLAG_WRAP_CONFIDENTIAL : 0)
- | (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0));
- /* filler */
- outbuf[3] = 0xFF;
- /* EC */
- store_16_be(ec, outbuf + 4);
- /* RRC */
- store_16_be(0, outbuf + 6);
- store_64_be(ctx->seq_send, outbuf + 8);
+ /* TOK_ID */
+ store_16_be(KG2_TOK_WRAP_MSG, outbuf);
+ /* flags */
+ outbuf[2] = (acceptor_flag
+ | (conf_req_flag ? FLAG_WRAP_CONFIDENTIAL : 0)
+ | (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0));
+ /* filler */
+ outbuf[3] = 0xFF;
+ /* EC */
+ store_16_be(ec, outbuf + 4);
+ /* RRC */
+ store_16_be(0, outbuf + 6);
+ store_64_be(ctx->seq_send, outbuf + 8);
- /* EC | copy of header to be encrypted, located in (possibly rotated) trailer */
- if (trailer == NULL)
- tbuf = (unsigned char *)header->buffer.value + 16; /* Header */
- else
- tbuf = (unsigned char *)trailer->buffer.value;
+ /* EC | copy of header to be encrypted, located in (possibly rotated) trailer */
+ if (trailer == NULL)
+ tbuf = (unsigned char *)header->buffer.value + 16; /* Header */
+ else
+ tbuf = (unsigned char *)trailer->buffer.value;
- memset(tbuf, 0xFF, ec);
- memcpy(tbuf + ec, header->buffer.value, 16);
+ memset(tbuf, 0xFF, ec);
+ memcpy(tbuf + ec, header->buffer.value, 16);
- code = kg_encrypt_iov(context, ctx->proto,
- ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0),
- ec, rrc, key, key_usage, 0, iov, iov_count);
- if (code != 0)
- goto cleanup;
+ code = kg_encrypt_iov(context, ctx->proto,
+ ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0),
+ ec, rrc, key, key_usage, 0, iov, iov_count);
+ if (code != 0)
+ goto cleanup;
- /* RRC */
- store_16_be(rrc, outbuf + 6);
+ /* RRC */
+ store_16_be(rrc, outbuf + 6);
- ctx->seq_send++;
+ ctx->seq_send++;
} else if (toktype == KG_TOK_WRAP_MSG && !conf_req_flag) {
- tok_id = KG2_TOK_WRAP_MSG;
+ tok_id = KG2_TOK_WRAP_MSG;
wrap_with_checksum:
- gss_headerlen = 16;
+ gss_headerlen = 16;
- code = krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_CHECKSUM, &gss_trailerlen);
- if (code != 0)
- goto cleanup;
+ code = krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_CHECKSUM, &gss_trailerlen);
+ if (code != 0)
+ goto cleanup;
- assert(gss_trailerlen <= 0xFFFF);
+ assert(gss_trailerlen <= 0xFFFF);
- if (trailer == NULL) {
- rrc = gss_trailerlen;
- gss_headerlen += gss_trailerlen;
- }
+ if (trailer == NULL) {
+ rrc = gss_trailerlen;
+ gss_headerlen += gss_trailerlen;
+ }
- if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
- code = kg_allocate_iov(header, gss_headerlen);
- else if (header->buffer.length < gss_headerlen)
- code = KRB5_BAD_MSIZE;
- if (code != 0)
- goto cleanup;
- header->buffer.length = gss_headerlen;
+ if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
+ code = kg_allocate_iov(header, gss_headerlen);
+ else if (header->buffer.length < gss_headerlen)
+ code = KRB5_BAD_MSIZE;
+ if (code != 0)
+ goto cleanup;
+ header->buffer.length = gss_headerlen;
- if (trailer != NULL) {
- if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
- code = kg_allocate_iov(trailer, gss_trailerlen);
- else if (trailer->buffer.length < gss_trailerlen)
- code = KRB5_BAD_MSIZE;
- if (code != 0)
- goto cleanup;
- trailer->buffer.length = gss_trailerlen;
- }
+ if (trailer != NULL) {
+ if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
+ code = kg_allocate_iov(trailer, gss_trailerlen);
+ else if (trailer->buffer.length < gss_trailerlen)
+ code = KRB5_BAD_MSIZE;
+ if (code != 0)
+ goto cleanup;
+ trailer->buffer.length = gss_trailerlen;
+ }
- /* TOK_ID */
- store_16_be(tok_id, outbuf);
- /* flags */
- outbuf[2] = (acceptor_flag
- | (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0));
- /* filler */
- outbuf[3] = 0xFF;
- if (toktype == KG_TOK_WRAP_MSG) {
- /* Use 0 for checksum calculation, substitute
- * checksum length later.
- */
- /* EC */
- store_16_be(0, outbuf + 4);
- /* RRC */
- store_16_be(0, outbuf + 6);
- } else {
- /* MIC and DEL store 0xFF in EC and RRC */
- store_16_be(0xFFFF, outbuf + 4);
- store_16_be(0xFFFF, outbuf + 6);
- }
- store_64_be(ctx->seq_send, outbuf + 8);
+ /* TOK_ID */
+ store_16_be(tok_id, outbuf);
+ /* flags */
+ outbuf[2] = (acceptor_flag
+ | (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0));
+ /* filler */
+ outbuf[3] = 0xFF;
+ if (toktype == KG_TOK_WRAP_MSG) {
+ /* Use 0 for checksum calculation, substitute
+ * checksum length later.
+ */
+ /* EC */
+ store_16_be(0, outbuf + 4);
+ /* RRC */
+ store_16_be(0, outbuf + 6);
+ } else {
+ /* MIC and DEL store 0xFF in EC and RRC */
+ store_16_be(0xFFFF, outbuf + 4);
+ store_16_be(0xFFFF, outbuf + 6);
+ }
+ store_64_be(ctx->seq_send, outbuf + 8);
- code = kg_make_checksum_iov_v3(context, cksumtype,
- rrc, key, key_usage,
- iov, iov_count);
- if (code != 0)
- goto cleanup;
+ code = kg_make_checksum_iov_v3(context, cksumtype,
+ rrc, key, key_usage,
+ iov, iov_count);
+ if (code != 0)
+ goto cleanup;
- ctx->seq_send++;
+ ctx->seq_send++;
- if (toktype == KG_TOK_WRAP_MSG) {
- /* Fix up EC field */
- store_16_be(gss_trailerlen, outbuf + 4);
- /* Fix up RRC field */
- store_16_be(rrc, outbuf + 6);
- }
+ if (toktype == KG_TOK_WRAP_MSG) {
+ /* Fix up EC field */
+ store_16_be(gss_trailerlen, outbuf + 4);
+ /* Fix up RRC field */
+ store_16_be(rrc, outbuf + 6);
+ }
} else if (toktype == KG_TOK_MIC_MSG) {
- tok_id = KG2_TOK_MIC_MSG;
- trailer = NULL;
- goto wrap_with_checksum;
+ tok_id = KG2_TOK_MIC_MSG;
+ trailer = NULL;
+ goto wrap_with_checksum;
} else if (toktype == KG_TOK_DEL_CTX) {
- tok_id = KG2_TOK_DEL_CTX;
- goto wrap_with_checksum;
+ tok_id = KG2_TOK_DEL_CTX;
+ goto wrap_with_checksum;
} else {
- abort();
+ abort();
}
code = 0;
cleanup:
if (code != 0)
- kg_release_iov(iov, iov_count);
+ kg_release_iov(iov, iov_count);
return code;
}
OM_uint32
gss_krb5int_unseal_v3_iov(krb5_context context,
- OM_uint32 *minor_status,
- krb5_gss_ctx_id_rec *ctx,
- gss_iov_buffer_desc *iov,
- int iov_count,
- int *conf_state,
- gss_qop_t *qop_state,
- int toktype)
+ OM_uint32 *minor_status,
+ krb5_gss_ctx_id_rec *ctx,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ int *conf_state,
+ gss_qop_t *qop_state,
+ int toktype)
{
OM_uint32 code;
gss_iov_buffer_t header;
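Review bot: `outbuf` is taken from `header->buffer.value` at the top of this hunk, before either branch calls `kg_allocate_iov(header, gss_headerlen)`. When the header carries GSS_IOV_BUFFER_FLAG_ALLOCATE, the TOK_ID, flags, EC, RRC and sequence-number stores therefore presumably go through a pointer that no longer refers to the header buffer (kg_allocate_iov is not visible here; this assumes it assigns a new `buffer.value`). The confidential branch shows the mismatch, because `memcpy(tbuf + ec, header->buffer.value, 16)` re-reads the buffer while the fields were written through `outbuf`. Re-reading the pointer after the `if (code != 0) goto cleanup;` that follows each allocation, with `outbuf = (unsigned char *)header->buffer.value;`, in both the confidential and the `wrap_with_checksum` paths would keep the two in step. The function begins before this hunk, and the hunk ends inside the next function.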
@@ -298,167 +298,167 @@
int conf_flag = 0;
if (ctx->big_endian != 0)
- return GSS_S_DEFECTIVE_TOKEN;
+ return GSS_S_DEFECTIVE_TOKEN;
if (qop_state != NULL)
- *qop_state = GSS_C_QOP_DEFAULT;
+ *qop_state = GSS_C_QOP_DEFAULT;
header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
assert(header != NULL);
padding = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
if (padding != NULL && padding->buffer.length != 0)
- return GSS_S_DEFECTIVE_TOKEN;
+ return GSS_S_DEFECTIVE_TOKEN;
trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
acceptor_flag = ctx->initiate ? FLAG_SENDER_IS_ACCEPTOR : 0;
key_usage = (toktype == KG_TOK_WRAP_MSG
- ? (!ctx->initiate
- ? KG_USAGE_INITIATOR_SEAL
- : KG_USAGE_ACCEPTOR_SEAL)
- : (!ctx->initiate
- ? KG_USAGE_INITIATOR_SIGN
- : KG_USAGE_ACCEPTOR_SIGN));
+ ? (!ctx->initiate
+ ? KG_USAGE_INITIATOR_SEAL
+ : KG_USAGE_ACCEPTOR_SEAL)
+ : (!ctx->initiate
+ ? KG_USAGE_INITIATOR_SIGN
+ : KG_USAGE_ACCEPTOR_SIGN));
kg_iov_msglen(iov, iov_count, &data_length, &assoc_data_length);
ptr = (unsigned char *)header->buffer.value;
if (header->buffer.length < 16) {
- *minor_status = 0;
- return GSS_S_DEFECTIVE_TOKEN;
+ *minor_status = 0;
+ return GSS_S_DEFECTIVE_TOKEN;
}
if ((ptr[2] & FLAG_SENDER_IS_ACCEPTOR) != acceptor_flag) {
- *minor_status = (OM_uint32)G_BAD_DIRECTION;
- return GSS_S_BAD_SIG;
+ *minor_status = (OM_uint32)G_BAD_DIRECTION;
+ return GSS_S_BAD_SIG;
}
if (ctx->have_acceptor_subkey && (ptr[2] & FLAG_ACCEPTOR_SUBKEY)) {
- key = ctx->acceptor_subkey;
- cksumtype = ctx->acceptor_subkey_cksumtype;
+ key = ctx->acceptor_subkey;
+ cksumtype = ctx->acceptor_subkey_cksumtype;
} else {
- key = ctx->subkey;
- cksumtype = ctx->cksumtype;
+ key = ctx->subkey;
+ cksumtype = ctx->cksumtype;
}
assert(key != NULL);
if (toktype == KG_TOK_WRAP_MSG) {
- unsigned int k5_trailerlen;
+ unsigned int k5_trailerlen;
- if (load_16_be(ptr) != KG2_TOK_WRAP_MSG)
- goto defective;
- conf_flag = ((ptr[2] & FLAG_WRAP_CONFIDENTIAL) != 0);
- if (ptr[3] != 0xFF)
- goto defective;
- ec = load_16_be(ptr + 4);
- rrc = load_16_be(ptr + 6);
- seqnum = load_64_be(ptr + 8);
+ if (load_16_be(ptr) != KG2_TOK_WRAP_MSG)
+ goto defective;
+ conf_flag = ((ptr[2] & FLAG_WRAP_CONFIDENTIAL) != 0);
+ if (ptr[3] != 0xFF)
+ goto defective;
+ ec = load_16_be(ptr + 4);
+ rrc = load_16_be(ptr + 6);
+ seqnum = load_64_be(ptr + 8);
- code = krb5_c_crypto_length(context, key->enctype,
- conf_flag ? KRB5_CRYPTO_TYPE_TRAILER :
- KRB5_CRYPTO_TYPE_CHECKSUM,
- &k5_trailerlen);
- if (code != 0) {
- *minor_status = code;
- return GSS_S_FAILURE;
- }
+ code = krb5_c_crypto_length(context, key->enctype,
+ conf_flag ? KRB5_CRYPTO_TYPE_TRAILER :
+ KRB5_CRYPTO_TYPE_CHECKSUM,
+ &k5_trailerlen);
+ if (code != 0) {
+ *minor_status = code;
+ return GSS_S_FAILURE;
+ }
- /* Deal with RRC */
- if (trailer == NULL) {
- size_t desired_rrc = k5_trailerlen;
+ /* Deal with RRC */
+ if (trailer == NULL) {
+ size_t desired_rrc = k5_trailerlen;
- if (conf_flag) {
- desired_rrc += 16; /* E(Header) */
+ if (conf_flag) {
+ desired_rrc += 16; /* E(Header) */
- if ((ctx->gss_flags & GSS_C_DCE_STYLE) == 0)
- desired_rrc += ec;
- }
+ if ((ctx->gss_flags & GSS_C_DCE_STYLE) == 0)
+ desired_rrc += ec;
+ }
- /* According to MS, we only need to deal with a fixed RRC for DCE */
- if (rrc != desired_rrc)
- goto defective;
- } else if (rrc != 0) {
- /* Should have been rotated by kg_unseal_stream_iov() */
- goto defective;
- }
+ /* According to MS, we only need to deal with a fixed RRC for DCE */
+ if (rrc != desired_rrc)
+ goto defective;
+ } else if (rrc != 0) {
+ /* Should have been rotated by kg_unseal_stream_iov() */
+ goto defective;
+ }
- if (conf_flag) {
- unsigned char *althdr;
+ if (conf_flag) {
+ unsigned char *althdr;
- /* Decrypt */
- code = kg_decrypt_iov(context, ctx->proto,
- ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0),
- ec, rrc,
- key, key_usage, 0, iov, iov_count);
- if (code != 0) {
- *minor_status = code;
- return GSS_S_BAD_SIG;
- }
+ /* Decrypt */
+ code = kg_decrypt_iov(context, ctx->proto,
+ ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0),
+ ec, rrc,
+ key, key_usage, 0, iov, iov_count);
+ if (code != 0) {
+ *minor_status = code;
+ return GSS_S_BAD_SIG;
+ }
- /* Validate header integrity */
- if (trailer == NULL)
- althdr = (unsigned char *)header->buffer.value + 16 + ec;
- else
- althdr = (unsigned char *)trailer->buffer.value + ec;
+ /* Validate header integrity */
+ if (trailer == NULL)
+ althdr = (unsigned char *)header->buffer.value + 16 + ec;
+ else
+ althdr = (unsigned char *)trailer->buffer.value + ec;
- if (load_16_be(althdr) != KG2_TOK_WRAP_MSG
- || althdr[2] != ptr[2]
- || althdr[3] != ptr[3]
- || memcmp(althdr + 8, ptr + 8, 8) != 0) {
- *minor_status = 0;
- return GSS_S_BAD_SIG;
- }
- } else {
- /* Verify checksum: note EC is checksum size here, not padding */
- if (ec != k5_trailerlen)
- goto defective;
+ if (load_16_be(althdr) != KG2_TOK_WRAP_MSG
+ || althdr[2] != ptr[2]
+ || althdr[3] != ptr[3]
+ || memcmp(althdr + 8, ptr + 8, 8) != 0) {
+ *minor_status = 0;
+ return GSS_S_BAD_SIG;
+ }
+ } else {
+ /* Verify checksum: note EC is checksum size here, not padding */
+ if (ec != k5_trailerlen)
+ goto defective;
- /* Zero EC, RRC before computing checksum */
- store_16_be(0, ptr + 4);
- store_16_be(0, ptr + 6);
+ /* Zero EC, RRC before computing checksum */
+ store_16_be(0, ptr + 4);
+ store_16_be(0, ptr + 6);
- code = kg_verify_checksum_iov_v3(context, cksumtype, rrc,
- key, key_usage,
- iov, iov_count, &valid);
- if (code != 0 || valid == FALSE) {
- *minor_status = code;
- return GSS_S_BAD_SIG;
- }
- }
+ code = kg_verify_checksum_iov_v3(context, cksumtype, rrc,
+ key, key_usage,
+ iov, iov_count, &valid);
+ if (code != 0 || valid == FALSE) {
+ *minor_status = code;
+ return GSS_S_BAD_SIG;
+ }
+ }
- code = g_order_check(&ctx->seqstate, seqnum);
+ code = g_order_check(&ctx->seqstate, seqnum);
} else if (toktype == KG_TOK_MIC_MSG) {
- if (load_16_be(ptr) != KG2_TOK_MIC_MSG)
- goto defective;
+ if (load_16_be(ptr) != KG2_TOK_MIC_MSG)
+ goto defective;
verify_mic_1:
- if (ptr[3] != 0xFF)
- goto defective;
- seqnum = load_64_be(ptr + 8);
+ if (ptr[3] != 0xFF)
+ goto defective;
+ seqnum = load_64_be(ptr + 8);
- code = kg_verify_checksum_iov_v3(context, cksumtype, 0,
- key, key_usage,
- iov, iov_count, &valid);
- if (code != 0 || valid == FALSE) {
- *minor_status = code;
- return GSS_S_BAD_SIG;
- }
- code = g_order_check(&ctx->seqstate, seqnum);
+ code = kg_verify_checksum_iov_v3(context, cksumtype, 0,
+ key, key_usage,
+ iov, iov_count, &valid);
+ if (code != 0 || valid == FALSE) {
+ *minor_status = code;
+ return GSS_S_BAD_SIG;
+ }
+ code = g_order_check(&ctx->seqstate, seqnum);
} else if (toktype == KG_TOK_DEL_CTX) {
- if (load_16_be(ptr) != KG2_TOK_DEL_CTX)
- goto defective;
- goto verify_mic_1;
+ if (load_16_be(ptr) != KG2_TOK_DEL_CTX)
+ goto defective;
+ goto verify_mic_1;
} else {
- goto defective;
+ goto defective;
}
*minor_status = 0;
if (conf_state != NULL)
- *conf_state = conf_flag;
+ *conf_state = conf_flag;
return code;
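Review bot: The early `return GSS_S_DEFECTIVE_TOKEN;` statements after the `ctx->big_endian != 0` test and after the non-empty padding test leave `*minor_status` unwritten, while the short-header return a few lines later sets it to 0. A caller that reads `*minor_status` on failure, as `kg_unseal_iov_token` in k5unsealiov.c does when it passes it to `save_error_info`, would then act on whatever its variable already held, unless it is initialised upstream, which these lines do not show. Setting it on both paths, e.g. `{ *minor_status = 0; return GSS_S_DEFECTIVE_TOKEN; }`, makes the failure paths consistent. The function starts before this hunk and its `defective:` label lies after it.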
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/k5unseal.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/k5unseal.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/k5unseal.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -527,8 +527,8 @@
}
if (bodysize < 2) {
- *minor_status = (OM_uint32)G_BAD_TOK_HEADER;
- return GSS_S_DEFECTIVE_TOKEN;
+ *minor_status = (OM_uint32)G_BAD_TOK_HEADER;
+ return GSS_S_DEFECTIVE_TOKEN;
}
toktype2 = load_16_be(ptr);
@@ -543,18 +543,18 @@
ret = gss_krb5int_unseal_token_v3(&ctx->k5_context, minor_status, ctx,
ptr, bodysize, message_buffer,
conf_state, qop_state, toktype);
- break;
+ break;
case KG_TOK_MIC_MSG:
case KG_TOK_WRAP_MSG:
case KG_TOK_DEL_CTX:
ret = kg_unseal_v1(ctx->k5_context, minor_status, ctx, ptr, bodysize,
message_buffer, conf_state, qop_state,
toktype);
- break;
+ break;
default:
- *minor_status = (OM_uint32)G_BAD_TOK_HEADER;
- ret = GSS_S_DEFECTIVE_TOKEN;
- break;
+ *minor_status = (OM_uint32)G_BAD_TOK_HEADER;
+ ret = GSS_S_DEFECTIVE_TOKEN;
+ break;
}
if (ret != 0)
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/k5unsealiov.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/k5unsealiov.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/k5unsealiov.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -28,21 +28,21 @@
*/
#include <assert.h>
-#include "k5-platform.h" /* for 64-bit support */
-#include "k5-int.h" /* for zap() */
+#include "k5-platform.h" /* for 64-bit support */
+#include "k5-int.h" /* for zap() */
#include "gssapiP_krb5.h"
#include <stdarg.h>
static OM_uint32
kg_unseal_v1_iov(krb5_context context,
- OM_uint32 *minor_status,
- krb5_gss_ctx_id_rec *ctx,
- gss_iov_buffer_desc *iov,
- int iov_count,
- size_t token_wrapper_len,
- int *conf_state,
- gss_qop_t *qop_state,
- int toktype)
+ OM_uint32 *minor_status,
+ krb5_gss_ctx_id_rec *ctx,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ size_t token_wrapper_len,
+ int *conf_state,
+ gss_qop_t *qop_state,
+ int toktype)
{
OM_uint32 code;
gss_iov_buffer_t header;
@@ -71,17 +71,17 @@
trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
if (trailer != NULL && trailer->buffer.length != 0) {
- *minor_status = (OM_uint32)KRB5_BAD_MSIZE;
- return GSS_S_DEFECTIVE_TOKEN;
+ *minor_status = (OM_uint32)KRB5_BAD_MSIZE;
+ return GSS_S_DEFECTIVE_TOKEN;
}
if (header->buffer.length < token_wrapper_len + 14) {
- *minor_status = 0;
- return GSS_S_DEFECTIVE_TOKEN;
+ *minor_status = 0;
+ return GSS_S_DEFECTIVE_TOKEN;
}
ptr = (unsigned char *)header->buffer.value + token_wrapper_len;
-
+
signalg = ptr[0];
signalg |= ptr[1] << 8;
@@ -89,106 +89,106 @@
sealalg |= ptr[3] << 8;
if (ptr[4] != 0xFF || ptr[5] != 0xFF) {
- *minor_status = 0;
- return GSS_S_DEFECTIVE_TOKEN;
+ *minor_status = 0;
+ return GSS_S_DEFECTIVE_TOKEN;
}
if (toktype != KG_TOK_WRAP_MSG && sealalg != 0xFFFF) {
- *minor_status = 0;
- return GSS_S_DEFECTIVE_TOKEN;
+ *minor_status = 0;
+ return GSS_S_DEFECTIVE_TOKEN;
}
if (toktype == KG_TOK_WRAP_MSG &&
- !(sealalg == 0xFFFF || sealalg == ctx->sealalg)) {
- *minor_status = 0;
- return GSS_S_DEFECTIVE_TOKEN;
+ !(sealalg == 0xFFFF || sealalg == ctx->sealalg)) {
+ *minor_status = 0;
+ return GSS_S_DEFECTIVE_TOKEN;
}
if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) ||
- (ctx->sealalg == SEAL_ALG_1 && signalg != SGN_ALG_3) ||
- (ctx->sealalg == SEAL_ALG_DES3KD &&
- signalg != SGN_ALG_HMAC_SHA1_DES3_KD)||
- (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4 &&
- signalg != SGN_ALG_HMAC_MD5)) {
- *minor_status = 0;
- return GSS_S_DEFECTIVE_TOKEN;
+ (ctx->sealalg == SEAL_ALG_1 && signalg != SGN_ALG_3) ||
+ (ctx->sealalg == SEAL_ALG_DES3KD &&
+ signalg != SGN_ALG_HMAC_SHA1_DES3_KD)||
+ (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4 &&
+ signalg != SGN_ALG_HMAC_MD5)) {
+ *minor_status = 0;
+ return GSS_S_DEFECTIVE_TOKEN;
}
switch (signalg) {
case SGN_ALG_DES_MAC_MD5:
case SGN_ALG_MD2_5:
case SGN_ALG_HMAC_MD5:
- cksum_len = 8;
- if (toktype != KG_TOK_WRAP_MSG)
- sign_usage = 15;
- break;
+ cksum_len = 8;
+ if (toktype != KG_TOK_WRAP_MSG)
+ sign_usage = 15;
+ break;
case SGN_ALG_3:
- cksum_len = 16;
- break;
+ cksum_len = 16;
+ break;
case SGN_ALG_HMAC_SHA1_DES3_KD:
- cksum_len = 20;
- break;
+ cksum_len = 20;
+ break;
default:
- *minor_status = 0;
- return GSS_S_DEFECTIVE_TOKEN;
+ *minor_status = 0;
+ return GSS_S_DEFECTIVE_TOKEN;
}
/* get the token parameters */
code = kg_get_seq_num(context, ctx->seq, ptr + 14, ptr + 6, &direction,
- &seqnum);
+ &seqnum);
if (code != 0) {
- *minor_status = code;
- return GSS_S_BAD_SIG;
+ *minor_status = code;
+ return GSS_S_BAD_SIG;
}
assert(ctx->big_endian == 0);
/* decode the message, if SEAL */
if (toktype == KG_TOK_WRAP_MSG) {
- if (sealalg != 0xFFFF) {
- if (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) {
- unsigned char bigend_seqnum[4];
- krb5_keyblock *enc_key;
- size_t i;
+ if (sealalg != 0xFFFF) {
+ if (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) {
+ unsigned char bigend_seqnum[4];
+ krb5_keyblock *enc_key;
+ size_t i;
- bigend_seqnum[0] = (seqnum >> 24) & 0xFF;
- bigend_seqnum[1] = (seqnum >> 16) & 0xFF;
- bigend_seqnum[2] = (seqnum >> 8 ) & 0xFF;
- bigend_seqnum[3] = (seqnum ) & 0xFF;
+ bigend_seqnum[0] = (seqnum >> 24) & 0xFF;
+ bigend_seqnum[1] = (seqnum >> 16) & 0xFF;
+ bigend_seqnum[2] = (seqnum >> 8 ) & 0xFF;
+ bigend_seqnum[3] = (seqnum ) & 0xFF;
- code = krb5_copy_keyblock(context, ctx->enc, &enc_key);
- if (code != 0) {
- retval = GSS_S_FAILURE;
- goto cleanup;
- }
+ code = krb5_copy_keyblock(context, ctx->enc, &enc_key);
+ if (code != 0) {
+ retval = GSS_S_FAILURE;
+ goto cleanup;
+ }
- assert(enc_key->length == 16);
+ assert(enc_key->length == 16);
- for (i = 0; i < enc_key->length; i++)
- ((char *)enc_key->contents)[i] ^= 0xF0;
+ for (i = 0; i < enc_key->length; i++)
+ ((char *)enc_key->contents)[i] ^= 0xF0;
- code = kg_arcfour_docrypt_iov(context, enc_key, 0,
- &bigend_seqnum[0], 4,
- iov, iov_count);
- krb5_free_keyblock(context, enc_key);
- } else {
- code = kg_decrypt_iov(context, 0,
- ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0),
- 0 /*EC*/, 0 /*RRC*/,
- ctx->enc, KG_USAGE_SEAL, NULL,
- iov, iov_count);
- }
- if (code != 0) {
- retval = GSS_S_FAILURE;
- goto cleanup;
- }
- }
- conflen = kg_confounder_size(context, ctx->enc);
+ code = kg_arcfour_docrypt_iov(context, enc_key, 0,
+ &bigend_seqnum[0], 4,
+ iov, iov_count);
+ krb5_free_keyblock(context, enc_key);
+ } else {
+ code = kg_decrypt_iov(context, 0,
+ ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0),
+ 0 /*EC*/, 0 /*RRC*/,
+ ctx->enc, KG_USAGE_SEAL, NULL,
+ iov, iov_count);
+ }
+ if (code != 0) {
+ retval = GSS_S_FAILURE;
+ goto cleanup;
+ }
+ }
+ conflen = kg_confounder_size(context, ctx->enc);
}
if (header->buffer.length != token_wrapper_len + 14 + cksum_len + conflen) {
- retval = GSS_S_DEFECTIVE_TOKEN;
- goto cleanup;
+ retval = GSS_S_DEFECTIVE_TOKEN;
+ goto cleanup;
}
/* compute the checksum of the message */
@@ -200,67 +200,67 @@
case SGN_ALG_MD2_5:
case SGN_ALG_DES_MAC:
case SGN_ALG_3:
- md5cksum.checksum_type = CKSUMTYPE_RSA_MD5;
- break;
+ md5cksum.checksum_type = CKSUMTYPE_RSA_MD5;
+ break;
case SGN_ALG_HMAC_MD5:
- md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR;
- break;
+ md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR;
+ break;
case SGN_ALG_HMAC_SHA1_DES3_KD:
- md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3;
- break;
+ md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3;
+ break;
default:
- abort();
+ abort();
}
code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen);
if (code != 0) {
- retval = GSS_S_FAILURE;
- goto cleanup;
+ retval = GSS_S_FAILURE;
+ goto cleanup;
}
md5cksum.length = sumlen;
/* compute the checksum of the message */
code = kg_make_checksum_iov_v1(context, md5cksum.checksum_type,
- cksum_len, ctx->seq, ctx->enc,
- sign_usage, iov, iov_count, toktype,
- &md5cksum);
+ cksum_len, ctx->seq, ctx->enc,
+ sign_usage, iov, iov_count, toktype,
+ &md5cksum);
if (code != 0) {
- retval = GSS_S_FAILURE;
- goto cleanup;
+ retval = GSS_S_FAILURE;
+ goto cleanup;
}
switch (signalg) {
case SGN_ALG_DES_MAC_MD5:
case SGN_ALG_3:
- code = kg_encrypt(context, ctx->seq, KG_USAGE_SEAL,
- (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ?
- ctx->seq->contents : NULL),
- md5cksum.contents, md5cksum.contents, 16);
- if (code != 0) {
- retval = GSS_S_FAILURE;
- goto cleanup;
- }
+ code = kg_encrypt(context, ctx->seq, KG_USAGE_SEAL,
+ (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ?
+ ctx->seq->contents : NULL),
+ md5cksum.contents, md5cksum.contents, 16);
+ if (code != 0) {
+ retval = GSS_S_FAILURE;
+ goto cleanup;
+ }
- cksum.length = cksum_len;
- cksum.contents = md5cksum.contents + 16 - cksum.length;
+ cksum.length = cksum_len;
+ cksum.contents = md5cksum.contents + 16 - cksum.length;
- code = memcmp(cksum.contents, ptr + 14, cksum.length);
- break;
+ code = memcmp(cksum.contents, ptr + 14, cksum.length);
+ break;
case SGN_ALG_HMAC_SHA1_DES3_KD:
case SGN_ALG_HMAC_MD5:
- code = memcmp(md5cksum.contents, ptr + 14, cksum_len);
- break;
+ code = memcmp(md5cksum.contents, ptr + 14, cksum_len);
+ break;
default:
- code = 0;
- retval = GSS_S_DEFECTIVE_TOKEN;
- goto cleanup;
- break;
+ code = 0;
+ retval = GSS_S_DEFECTIVE_TOKEN;
+ goto cleanup;
+ break;
}
if (code != 0) {
- code = 0;
- retval = GSS_S_BAD_SIG;
- goto cleanup;
+ code = 0;
+ retval = GSS_S_BAD_SIG;
+ goto cleanup;
}
/*
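Review bot: Both checksum checks in the second `switch (signalg)` compare the computed value with the bytes at `ptr + 14` using `memcmp`, whose running time can depend on the position of the first differing byte. That value authenticates the token and the token bytes come from the peer, so a comparison that examines all `cksum_len` bytes regardless of where they differ is the safer choice: accumulate the XOR of each byte pair into one `unsigned char` and test it once after the loop. The result is only used as zero or non-zero (`if (code != 0)` maps it to GSS_S_BAD_SIG), so the change stays local. The enclosing function starts before this hunk and continues after it.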
@@ -271,35 +271,35 @@
* this and fixup the last data IOV appropriately.
*/
if (toktype == KG_TOK_WRAP_MSG &&
- (ctx->gss_flags & GSS_C_DCE_STYLE) == 0) {
- retval = kg_fixup_padding_iov(&code, iov, iov_count);
- if (retval != GSS_S_COMPLETE)
- goto cleanup;
+ (ctx->gss_flags & GSS_C_DCE_STYLE) == 0) {
+ retval = kg_fixup_padding_iov(&code, iov, iov_count);
+ if (retval != GSS_S_COMPLETE)
+ goto cleanup;
}
if (conf_state != NULL)
- *conf_state = (sealalg != 0xFFFF);
+ *conf_state = (sealalg != 0xFFFF);
if (qop_state != NULL)
- *qop_state = GSS_C_QOP_DEFAULT;
+ *qop_state = GSS_C_QOP_DEFAULT;
code = krb5_timeofday(context, &now);
if (code != 0) {
- *minor_status = code;
- retval = GSS_S_FAILURE;
- goto cleanup;
+ *minor_status = code;
+ retval = GSS_S_FAILURE;
+ goto cleanup;
}
if (now > ctx->krb_times.endtime) {
- *minor_status = 0;
- retval = GSS_S_CONTEXT_EXPIRED;
- goto cleanup;
+ *minor_status = 0;
+ retval = GSS_S_CONTEXT_EXPIRED;
+ goto cleanup;
}
if ((ctx->initiate && direction != 0xff) ||
- (!ctx->initiate && direction != 0)) {
- *minor_status = (OM_uint32)G_BAD_DIRECTION;
- retval = GSS_S_BAD_SIG;
+ (!ctx->initiate && direction != 0)) {
+ *minor_status = (OM_uint32)G_BAD_DIRECTION;
+ retval = GSS_S_BAD_SIG;
}
code = 0;
@@ -320,12 +320,12 @@
*/
static OM_uint32
kg_unseal_iov_token(OM_uint32 *minor_status,
- krb5_gss_ctx_id_rec *ctx,
- int *conf_state,
- gss_qop_t *qop_state,
- gss_iov_buffer_desc *iov,
- int iov_count,
- int toktype)
+ krb5_gss_ctx_id_rec *ctx,
+ int *conf_state,
+ gss_qop_t *qop_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ int toktype)
{
krb5_error_code code;
krb5_context context = ctx->k5_context;
@@ -340,8 +340,8 @@
header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
if (header == NULL) {
- *minor_status = EINVAL;
- return GSS_S_FAILURE;
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
}
padding = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
@@ -351,33 +351,33 @@
input_length = header->buffer.length;
if ((ctx->gss_flags & GSS_C_DCE_STYLE) == 0) {
- size_t data_length, assoc_data_length;
+ size_t data_length, assoc_data_length;
- kg_iov_msglen(iov, iov_count, &data_length, &assoc_data_length);
+ kg_iov_msglen(iov, iov_count, &data_length, &assoc_data_length);
- input_length += data_length - assoc_data_length;
+ input_length += data_length - assoc_data_length;
- if (padding != NULL)
- input_length += padding->buffer.length;
+ if (padding != NULL)
+ input_length += padding->buffer.length;
- if (trailer != NULL)
- input_length += trailer->buffer.length;
+ if (trailer != NULL)
+ input_length += trailer->buffer.length;
}
if (ctx->gss_flags & GSS_C_DCE_STYLE)
- vfyflags |= G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE;
+ vfyflags |= G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE;
code = g_verify_token_header(ctx->mech_used,
- &bodysize, &ptr, -1,
- input_length, 0);
+ &bodysize, &ptr, -1,
+ input_length, 0);
if (code != 0) {
*minor_status = code;
return GSS_S_DEFECTIVE_TOKEN;
}
if (bodysize < 2) {
- *minor_status = (OM_uint32)G_BAD_TOK_HEADER;
- return GSS_S_DEFECTIVE_TOKEN;
+ *minor_status = (OM_uint32)G_BAD_TOK_HEADER;
+ return GSS_S_DEFECTIVE_TOKEN;
}
toktype2 = load_16_be(ptr);
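Review bot: `vfyflags` gets G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE for DCE-style contexts, but the `g_verify_token_header` call right below passes a literal `0` as its last argument, so in these lines the flag has no effect. If that last parameter is the flags argument (the prototype is not visible here), the call should end `input_length, vfyflags);`. Otherwise the unused assignment should be removed, so the header check does not appear more lenient than it is. The function body begins before this hunk and continues after it.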
@@ -389,24 +389,24 @@
case KG2_TOK_MIC_MSG:
case KG2_TOK_WRAP_MSG:
case KG2_TOK_DEL_CTX:
- code = gss_krb5int_unseal_v3_iov(context, minor_status, ctx, iov, iov_count,
- conf_state, qop_state, toktype);
- break;
+ code = gss_krb5int_unseal_v3_iov(context, minor_status, ctx, iov, iov_count,
+ conf_state, qop_state, toktype);
+ break;
case KG_TOK_MIC_MSG:
case KG_TOK_WRAP_MSG:
case KG_TOK_DEL_CTX:
- code = kg_unseal_v1_iov(context, minor_status, ctx, iov, iov_count,
- (size_t)(ptr - (unsigned char *)header->buffer.value),
- conf_state, qop_state, toktype);
- break;
+ code = kg_unseal_v1_iov(context, minor_status, ctx, iov, iov_count,
+ (size_t)(ptr - (unsigned char *)header->buffer.value),
+ conf_state, qop_state, toktype);
+ break;
default:
- *minor_status = (OM_uint32)G_BAD_TOK_HEADER;
- code = GSS_S_DEFECTIVE_TOKEN;
- break;
+ *minor_status = (OM_uint32)G_BAD_TOK_HEADER;
+ code = GSS_S_DEFECTIVE_TOKEN;
+ break;
}
if (code != 0)
- save_error_info(*minor_status, context);
+ save_error_info(*minor_status, context);
return code;
}
@@ -417,12 +417,12 @@
*/
static OM_uint32
kg_unseal_stream_iov(OM_uint32 *minor_status,
- krb5_gss_ctx_id_rec *ctx,
- int *conf_state,
- gss_qop_t *qop_state,
- gss_iov_buffer_desc *iov,
- int iov_count,
- int toktype)
+ krb5_gss_ctx_id_rec *ctx,
+ int *conf_state,
+ gss_qop_t *qop_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ int toktype)
{
unsigned char *ptr;
unsigned int bodysize;
@@ -437,8 +437,8 @@
assert(toktype == KG_TOK_WRAP_MSG);
if (toktype != KG_TOK_WRAP_MSG || (ctx->gss_flags & GSS_C_DCE_STYLE)) {
- code = EINVAL;
- goto cleanup;
+ code = EINVAL;
+ goto cleanup;
}
stream = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_STREAM);
@@ -447,16 +447,16 @@
ptr = (unsigned char *)stream->buffer.value;
code = g_verify_token_header(ctx->mech_used,
- &bodysize, &ptr, -1,
- stream->buffer.length, 0);
+ &bodysize, &ptr, -1,
+ stream->buffer.length, 0);
if (code != 0) {
- major_status = GSS_S_DEFECTIVE_TOKEN;
- goto cleanup;
+ major_status = GSS_S_DEFECTIVE_TOKEN;
+ goto cleanup;
}
if (bodysize < 2) {
- *minor_status = (OM_uint32)G_BAD_TOK_HEADER;
- return GSS_S_DEFECTIVE_TOKEN;
+ *minor_status = (OM_uint32)G_BAD_TOK_HEADER;
+ return GSS_S_DEFECTIVE_TOKEN;
}
toktype2 = load_16_be(ptr);
@@ -466,8 +466,8 @@
tiov = (gss_iov_buffer_desc *)calloc((size_t)iov_count + 2, sizeof(gss_iov_buffer_desc));
if (tiov == NULL) {
- code = ENOMEM;
- goto cleanup;
+ code = ENOMEM;
+ goto cleanup;
}
/* HEADER */
@@ -476,35 +476,35 @@
theader->buffer.value = stream->buffer.value;
theader->buffer.length = ptr - (unsigned char *)stream->buffer.value;
if (bodysize < 14 ||
- stream->buffer.length != theader->buffer.length + bodysize) {
- major_status = GSS_S_DEFECTIVE_TOKEN;
- goto cleanup;
+ stream->buffer.length != theader->buffer.length + bodysize) {
+ major_status = GSS_S_DEFECTIVE_TOKEN;
+ goto cleanup;
}
theader->buffer.length += 14;
/* n[SIGN_DATA] | DATA | m[SIGN_DATA] */
for (j = 0; j < iov_count; j++) {
- OM_uint32 type = GSS_IOV_BUFFER_TYPE(iov[j].type);
+ OM_uint32 type = GSS_IOV_BUFFER_TYPE(iov[j].type);
- if (type == GSS_IOV_BUFFER_TYPE_DATA) {
- if (data != NULL) {
- /* only a single DATA buffer can appear */
- code = EINVAL;
- goto cleanup;
- }
+ if (type == GSS_IOV_BUFFER_TYPE_DATA) {
+ if (data != NULL) {
+ /* only a single DATA buffer can appear */
+ code = EINVAL;
+ goto cleanup;
+ }
- data = &iov[j];
- tdata = &tiov[i];
- }
- if (type == GSS_IOV_BUFFER_TYPE_DATA ||
- type == GSS_IOV_BUFFER_TYPE_SIGN_ONLY)
- tiov[i++] = iov[j];
+ data = &iov[j];
+ tdata = &tiov[i];
+ }
+ if (type == GSS_IOV_BUFFER_TYPE_DATA ||
+ type == GSS_IOV_BUFFER_TYPE_SIGN_ONLY)
+ tiov[i++] = iov[j];
}
if (data == NULL) {
- /* a single DATA buffer must be present */
- code = EINVAL;
- goto cleanup;
+ /* a single DATA buffer must be present */
+ code = EINVAL;
+ goto cleanup;
}
/* PADDING | TRAILER */
@@ -520,65 +520,65 @@
case KG2_TOK_MIC_MSG:
case KG2_TOK_WRAP_MSG:
case KG2_TOK_DEL_CTX: {
- size_t ec, rrc;
- krb5_enctype enctype = ctx->enc->enctype;
- unsigned int k5_headerlen = 0;
- unsigned int k5_trailerlen = 0;
+ size_t ec, rrc;
+ krb5_enctype enctype = ctx->enc->enctype;
+ unsigned int k5_headerlen = 0;
+ unsigned int k5_trailerlen = 0;
- conf_req_flag = ((ptr[0] & FLAG_WRAP_CONFIDENTIAL) != 0);
- ec = conf_req_flag ? load_16_be(ptr + 2) : 0;
- rrc = load_16_be(ptr + 4);
+ conf_req_flag = ((ptr[0] & FLAG_WRAP_CONFIDENTIAL) != 0);
+ ec = conf_req_flag ? load_16_be(ptr + 2) : 0;
+ rrc = load_16_be(ptr + 4);
- if (rrc != 0) {
- if (!gss_krb5int_rotate_left((unsigned char *)stream->buffer.value + 16,
- stream->buffer.length - 16, rrc)) {
- code = ENOMEM;
- goto cleanup;
- }
- store_16_be(0, ptr + 4); /* set RRC to zero */
- }
+ if (rrc != 0) {
+ if (!gss_krb5int_rotate_left((unsigned char *)stream->buffer.value + 16,
+ stream->buffer.length - 16, rrc)) {
+ code = ENOMEM;
+ goto cleanup;
+ }
+ store_16_be(0, ptr + 4); /* set RRC to zero */
+ }
- if (conf_req_flag) {
- code = krb5_c_crypto_length(context, enctype, KRB5_CRYPTO_TYPE_HEADER, &k5_headerlen);
- if (code != 0)
- goto cleanup;
- theader->buffer.length += k5_headerlen; /* length validated later */
- }
+ if (conf_req_flag) {
+ code = krb5_c_crypto_length(context, enctype, KRB5_CRYPTO_TYPE_HEADER, &k5_headerlen);
+ if (code != 0)
+ goto cleanup;
+ theader->buffer.length += k5_headerlen; /* length validated later */
+ }
- /* no PADDING for CFX, EC is used instead */
- code = krb5_c_crypto_length(context, enctype,
- conf_req_flag ? KRB5_CRYPTO_TYPE_TRAILER : KRB5_CRYPTO_TYPE_CHECKSUM,
- &k5_trailerlen);
- if (code != 0)
- goto cleanup;
+ /* no PADDING for CFX, EC is used instead */
+ code = krb5_c_crypto_length(context, enctype,
+ conf_req_flag ? KRB5_CRYPTO_TYPE_TRAILER : KRB5_CRYPTO_TYPE_CHECKSUM,
+ &k5_trailerlen);
+ if (code != 0)
+ goto cleanup;
- ttrailer->buffer.length = ec + (conf_req_flag ? 16 : 0 /* E(Header) */) + k5_trailerlen;
- ttrailer->buffer.value = (unsigned char *)stream->buffer.value +
- stream->buffer.length - ttrailer->buffer.length;
- break;
+ ttrailer->buffer.length = ec + (conf_req_flag ? 16 : 0 /* E(Header) */) + k5_trailerlen;
+ ttrailer->buffer.value = (unsigned char *)stream->buffer.value +
+ stream->buffer.length - ttrailer->buffer.length;
+ break;
}
case KG_TOK_MIC_MSG:
case KG_TOK_WRAP_MSG:
case KG_TOK_DEL_CTX:
- theader->buffer.length += ctx->cksum_size + kg_confounder_size(context, ctx->enc);
+ theader->buffer.length += ctx->cksum_size + kg_confounder_size(context, ctx->enc);
- /*
- * we can't set the padding accurately until decryption;
- * kg_fixup_padding_iov() will take care of this
- */
- tpadding->buffer.length = 1;
- tpadding->buffer.value = (unsigned char *)stream->buffer.value + stream->buffer.length - 1;
+ /*
+ * we can't set the padding accurately until decryption;
+ * kg_fixup_padding_iov() will take care of this
+ */
+ tpadding->buffer.length = 1;
+ tpadding->buffer.value = (unsigned char *)stream->buffer.value + stream->buffer.length - 1;
- /* no TRAILER for pre-CFX */
- ttrailer->buffer.length = 0;
- ttrailer->buffer.value = NULL;
+ /* no TRAILER for pre-CFX */
+ ttrailer->buffer.length = 0;
+ ttrailer->buffer.value = NULL;
- break;
+ break;
default:
- code = (OM_uint32)G_BAD_TOK_HEADER;
- major_status = GSS_S_DEFECTIVE_TOKEN;
- goto cleanup;
- break;
+ code = (OM_uint32)G_BAD_TOK_HEADER;
+ major_status = GSS_S_DEFECTIVE_TOKEN;
+ goto cleanup;
+ break;
}
/* IOV: -----------0-------------+---1---+--2--+----------------3--------------*/
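Review bot: In the CFX case the trailer pointer is computed from the token-supplied `ec` before any length check: `ttrailer->buffer.value = (unsigned char *)stream->buffer.value + stream->buffer.length - ttrailer->buffer.length;`. `ec` comes straight from `load_16_be(ptr + 2)`, so the trailer length can exceed the stream length and the subtraction can yield a pointer before the start of the buffer. The "validate lengths" test in the following hunk rejects such a token before the pointer is used, but forming the out-of-range pointer is already undefined behaviour. I would guard it at the point of computation with `if (ttrailer->buffer.length > stream->buffer.length) { code = (OM_uint32)KRB5_BAD_MSIZE; major_status = GSS_S_DEFECTIVE_TOKEN; goto cleanup; }`. The enclosing function starts and ends outside this hunk.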
@@ -588,45 +588,45 @@
/* validate lengths */
if (stream->buffer.length < theader->buffer.length +
- tpadding->buffer.length +
- ttrailer->buffer.length)
+ tpadding->buffer.length +
+ ttrailer->buffer.length)
{
- code = (OM_uint32)KRB5_BAD_MSIZE;
- major_status = GSS_S_DEFECTIVE_TOKEN;
- goto cleanup;
+ code = (OM_uint32)KRB5_BAD_MSIZE;
+ major_status = GSS_S_DEFECTIVE_TOKEN;
+ goto cleanup;
}
/* setup data */
tdata->buffer.length = stream->buffer.length - ttrailer->buffer.length -
- tpadding->buffer.length - theader->buffer.length;
+ tpadding->buffer.length - theader->buffer.length;
assert(data != NULL);
if (data->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) {
- code = kg_allocate_iov(tdata, tdata->buffer.length);
- if (code != 0)
- goto cleanup;
- memcpy(tdata->buffer.value,
- (unsigned char *)stream->buffer.value + theader->buffer.length, tdata->buffer.length);
+ code = kg_allocate_iov(tdata, tdata->buffer.length);
+ if (code != 0)
+ goto cleanup;
+ memcpy(tdata->buffer.value,
+ (unsigned char *)stream->buffer.value + theader->buffer.length, tdata->buffer.length);
} else
- tdata->buffer.value = (unsigned char *)stream->buffer.value + theader->buffer.length;
+ tdata->buffer.value = (unsigned char *)stream->buffer.value + theader->buffer.length;
assert(i <= iov_count + 2);
major_status = kg_unseal_iov_token(&code, ctx, conf_state, qop_state,
- tiov, i, toktype);
+ tiov, i, toktype);
if (major_status == GSS_S_COMPLETE)
- *data = *tdata;
+ *data = *tdata;
else if (tdata->type & GSS_IOV_BUFFER_FLAG_ALLOCATED) {
- OM_uint32 tmp;
+ OM_uint32 tmp;
- gss_release_buffer(&tmp, &tdata->buffer);
- tdata->type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED);
+ gss_release_buffer(&tmp, &tdata->buffer);
+ tdata->type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED);
}
cleanup:
if (tiov != NULL)
- free(tiov);
+ free(tiov);
*minor_status = code;
@@ -635,35 +635,34 @@
OM_uint32
kg_unseal_iov(OM_uint32 *minor_status,
- gss_ctx_id_t context_handle,
- int *conf_state,
- gss_qop_t *qop_state,
- gss_iov_buffer_desc *iov,
- int iov_count,
- int toktype)
+ gss_ctx_id_t context_handle,
+ int *conf_state,
+ gss_qop_t *qop_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ int toktype)
{
krb5_gss_ctx_id_rec *ctx;
OM_uint32 code;
if (!kg_validate_ctx_id(context_handle)) {
- *minor_status = (OM_uint32)G_VALIDATE_FAILED;
- return GSS_S_NO_CONTEXT;
+ *minor_status = (OM_uint32)G_VALIDATE_FAILED;
+ return GSS_S_NO_CONTEXT;
}
ctx = (krb5_gss_ctx_id_rec *)context_handle;
if (!ctx->established) {
- *minor_status = KG_CTX_INCOMPLETE;
- return GSS_S_NO_CONTEXT;
+ *minor_status = KG_CTX_INCOMPLETE;
+ return GSS_S_NO_CONTEXT;
}
if (kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_STREAM) != NULL) {
- code = kg_unseal_stream_iov(minor_status, ctx, conf_state, qop_state,
- iov, iov_count, toktype);
+ code = kg_unseal_stream_iov(minor_status, ctx, conf_state, qop_state,
+ iov, iov_count, toktype);
} else {
- code = kg_unseal_iov_token(minor_status, ctx, conf_state, qop_state,
- iov, iov_count, toktype);
+ code = kg_unseal_iov_token(minor_status, ctx, conf_state, qop_state,
+ iov, iov_count, toktype);
}
return code;
}
-
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/krb5_gss_glue.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/krb5_gss_glue.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/krb5_gss_glue.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -61,26 +61,26 @@
krb5_flags *ticket_flags)
{
static const gss_OID_desc const req_oid = {
- GSS_KRB5_GET_TKT_FLAGS_OID_LENGTH,
- GSS_KRB5_GET_TKT_FLAGS_OID };
+ GSS_KRB5_GET_TKT_FLAGS_OID_LENGTH,
+ GSS_KRB5_GET_TKT_FLAGS_OID };
OM_uint32 major_status;
gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
if (ticket_flags == NULL)
- return GSS_S_CALL_INACCESSIBLE_WRITE;
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
major_status = gss_inquire_sec_context_by_oid(minor_status,
- context_handle,
- (const gss_OID)&req_oid,
- &data_set);
+ context_handle,
+ (const gss_OID)&req_oid,
+ &data_set);
if (major_status != GSS_S_COMPLETE)
- return major_status;
+ return major_status;
if (data_set == GSS_C_NO_BUFFER_SET ||
data_set->count != 1 ||
- data_set->elements[0].length != sizeof(*ticket_flags)) {
- *minor_status = EINVAL;
- return GSS_S_FAILURE;
+ data_set->elements[0].length != sizeof(*ticket_flags)) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
}
*ticket_flags = *((krb5_flags *)data_set->elements[0].value);
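Review bot: The `EINVAL` branch returns while `data_set` may still hold a buffer set, because the condition also fires when `data_set->count != 1` or the element length is wrong, and nothing in the hunk releases it. If the release only happens on the success path after this hunk (not visible here), this path leaks the set; calling `gss_release_buffer_set(minor_status, &data_set);` before `*minor_status = EINVAL;` would close it. The same early-return pattern appears in the hunks at `@@ -139,25`, `@@ -309,30` and `@@ -355,48` of this file. The function's signature and tail are outside the hunk.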
@@ -99,21 +99,21 @@
krb5_ccache out_ccache)
{
static const gss_OID_desc const req_oid = {
- GSS_KRB5_COPY_CCACHE_OID_LENGTH,
- GSS_KRB5_COPY_CCACHE_OID };
+ GSS_KRB5_COPY_CCACHE_OID_LENGTH,
+ GSS_KRB5_COPY_CCACHE_OID };
OM_uint32 major_status;
gss_buffer_desc req_buffer;
if (out_ccache == NULL)
- return GSS_S_CALL_INACCESSIBLE_WRITE;
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
req_buffer.value = out_ccache;
req_buffer.length = sizeof(out_ccache);
major_status = gssspi_set_cred_option(minor_status,
- cred_handle,
- (const gss_OID)&req_oid,
- &req_buffer);
+ cred_handle,
+ (const gss_OID)&req_oid,
+ &req_buffer);
return major_status;
}
@@ -131,7 +131,7 @@
gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
if (kctx == NULL)
- return GSS_S_CALL_INACCESSIBLE_WRITE;
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
*kctx = NULL;
@@ -139,25 +139,25 @@
req_oid.length = sizeof(oid_buf);
major_status = generic_gss_oid_compose(minor_status,
- GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID,
- GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH,
- (int)version,
- &req_oid);
+ GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID,
+ GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH,
+ (int)version,
+ &req_oid);
if (GSS_ERROR(major_status))
- return major_status;
+ return major_status;
major_status = gss_inquire_sec_context_by_oid(minor_status,
- *context_handle,
- &req_oid,
- &data_set);
+ *context_handle,
+ &req_oid,
+ &data_set);
if (GSS_ERROR(major_status))
- return major_status;
+ return major_status;
if (data_set == GSS_C_NO_BUFFER_SET ||
data_set->count != 1 ||
- data_set->elements[0].length != sizeof(void *)) {
- *minor_status = EINVAL;
- return GSS_S_FAILURE;
+ data_set->elements[0].length != sizeof(void *)) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
}
*kctx = *((void **)data_set->elements[0].value);
@@ -181,12 +181,12 @@
krb5_enctype *ktypes)
{
static const gss_OID_desc const req_oid = {
- GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID_LENGTH,
- GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID };
+ GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID_LENGTH,
+ GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID };
OM_uint32 major_status;
struct krb5_gss_set_allowable_enctypes_req req;
gss_buffer_desc req_buffer;
-
+
req.num_ktypes = num_ktypes;
req.ktypes = ktypes;
@@ -194,9 +194,9 @@
req_buffer.value = &req;
major_status = gssspi_set_cred_option(minor_status,
- cred,
- (const gss_OID)&req_oid,
- &req_buffer);
+ cred,
+ (const gss_OID)&req_oid,
+ &req_buffer);
return major_status;
}
@@ -208,8 +208,8 @@
const char **out_name)
{
static const gss_OID_desc const req_oid = {
- GSS_KRB5_CCACHE_NAME_OID_LENGTH,
- GSS_KRB5_CCACHE_NAME_OID };
+ GSS_KRB5_CCACHE_NAME_OID_LENGTH,
+ GSS_KRB5_CCACHE_NAME_OID };
OM_uint32 major_status;
struct krb5_gss_ccache_name_req req;
gss_buffer_desc req_buffer;
@@ -221,11 +221,11 @@
req_buffer.value = &req;
major_status = gssspi_mech_invoke(minor_status,
- (const gss_OID)gss_mech_krb5,
- (const gss_OID)&req_oid,
- &req_buffer);
+ (const gss_OID)gss_mech_krb5,
+ (const gss_OID)&req_oid,
+ &req_buffer);
- return major_status;
+ return major_status;
}
OM_uint32 KRB5_CALLCONV
@@ -234,8 +234,8 @@
void *kctx)
{
static const gss_OID_desc const req_oid = {
- GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH,
- GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID };
+ GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH,
+ GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID };
OM_uint32 major_status;
gss_buffer_desc req_buffer;
@@ -243,19 +243,19 @@
req_buffer.value = kctx;
major_status = gssspi_mech_invoke(minor_status,
- (const gss_OID)gss_mech_krb5,
- (const gss_OID)&req_oid,
- &req_buffer);
+ (const gss_OID)gss_mech_krb5,
+ (const gss_OID)&req_oid,
+ &req_buffer);
- return major_status;
+ return major_status;
}
OM_uint32 KRB5_CALLCONV
krb5_gss_register_acceptor_identity(const char *keytab)
{
static const gss_OID_desc const req_oid = {
- GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH,
- GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID };
+ GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH,
+ GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID };
OM_uint32 major_status;
OM_uint32 minor_status;
gss_buffer_desc req_buffer;
@@ -264,19 +264,19 @@
req_buffer.value = (char *)keytab;
major_status = gssspi_mech_invoke(&minor_status,
- (const gss_OID)gss_mech_krb5,
- (const gss_OID)&req_oid,
- &req_buffer);
+ (const gss_OID)gss_mech_krb5,
+ (const gss_OID)&req_oid,
+ &req_buffer);
- return major_status;
+ return major_status;
}
krb5_error_code
krb5_gss_use_kdc_context(void)
{
static const gss_OID_desc const req_oid = {
- GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH,
- GSS_KRB5_USE_KDC_CONTEXT_OID };
+ GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH,
+ GSS_KRB5_USE_KDC_CONTEXT_OID };
OM_uint32 major_status;
OM_uint32 minor_status;
gss_buffer_desc req_buffer;
@@ -285,9 +285,9 @@
req_buffer.value = NULL;
major_status = gssspi_mech_invoke(&minor_status,
- (const gss_OID)gss_mech_krb5,
- (const gss_OID)&req_oid,
- &req_buffer);
+ (const gss_OID)gss_mech_krb5,
+ (const gss_OID)&req_oid,
+ &req_buffer);
return major_status;
}
@@ -309,30 +309,30 @@
gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
if (ad_data == NULL)
- return GSS_S_CALL_INACCESSIBLE_WRITE;
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
req_oid.elements = oid_buf;
req_oid.length = sizeof(oid_buf);
major_status = generic_gss_oid_compose(minor_status,
- GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID,
- GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH,
- ad_type,
- &req_oid);
+ GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID,
+ GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH,
+ ad_type,
+ &req_oid);
if (GSS_ERROR(major_status))
- return major_status;
+ return major_status;
major_status = gss_inquire_sec_context_by_oid(minor_status,
- context_handle,
- (const gss_OID)&req_oid,
- &data_set);
+ context_handle,
+ (const gss_OID)&req_oid,
+ &data_set);
if (major_status != GSS_S_COMPLETE) {
- return major_status;
+ return major_status;
}
if (data_set == GSS_C_NO_BUFFER_SET ||
- data_set->count != 1) {
- return GSS_S_FAILURE;
+ data_set->count != 1) {
+ return GSS_S_FAILURE;
}
ad_data->length = data_set->elements[0].length;
@@ -355,48 +355,48 @@
krb5_rcache rcache)
{
static const gss_OID_desc const req_oid = {
- GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH,
- GSS_KRB5_SET_CRED_RCACHE_OID };
+ GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH,
+ GSS_KRB5_SET_CRED_RCACHE_OID };
OM_uint32 major_status;
gss_buffer_desc req_buffer;
-
+
req_buffer.length = sizeof(rcache);
req_buffer.value = rcache;
major_status = gssspi_set_cred_option(minor_status,
- cred,
- (const gss_OID)&req_oid,
- &req_buffer);
+ cred,
+ (const gss_OID)&req_oid,
+ &req_buffer);
return major_status;
}
OM_uint32 KRB5_CALLCONV
gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
- gss_ctx_id_t context_handle,
- krb5_timestamp *authtime)
+ gss_ctx_id_t context_handle,
+ krb5_timestamp *authtime)
{
static const gss_OID_desc const req_oid = {
- GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH,
- GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID };
+ GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH,
+ GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID };
OM_uint32 major_status;
gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
if (authtime == NULL)
- return GSS_S_CALL_INACCESSIBLE_WRITE;
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
major_status = gss_inquire_sec_context_by_oid(minor_status,
- context_handle,
- (const gss_OID)&req_oid,
- &data_set);
+ context_handle,
+ (const gss_OID)&req_oid,
+ &data_set);
if (major_status != GSS_S_COMPLETE)
- return major_status;
+ return major_status;
if (data_set == GSS_C_NO_BUFFER_SET ||
data_set->count != 1 ||
- data_set->elements[0].length != sizeof(*authtime)) {
- *minor_status = EINVAL;
- return GSS_S_FAILURE;
+ data_set->elements[0].length != sizeof(*authtime)) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
}
*authtime = *((krb5_timestamp *)data_set->elements[0].value);
@@ -407,4 +407,3 @@
return GSS_S_COMPLETE;
}
-
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/lucid_context.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/lucid_context.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/lucid_context.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -64,15 +64,15 @@
gss_krb5int_export_lucid_sec_context(
OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
- const gss_OID desired_object,
- gss_buffer_set_t *data_set)
+ const gss_OID desired_object,
+ gss_buffer_set_t *data_set)
{
krb5_error_code kret = 0;
OM_uint32 retval;
krb5_gss_ctx_id_t ctx = (krb5_gss_ctx_id_t)context_handle;
void *lctx = NULL;
- int version = 0;
- gss_buffer_desc rep;
+ int version = 0;
+ gss_buffer_desc rep;
/* Assume failure */
retval = GSS_S_FAILURE;
@@ -80,12 +80,12 @@
*data_set = GSS_C_NO_BUFFER_SET;
retval = generic_gss_oid_decompose(minor_status,
- GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID,
- GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH,
- desired_object,
- &version);
+ GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID,
+ GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH,
+ desired_object,
+ &version);
if (GSS_ERROR(retval))
- return retval;
+ return retval;
/* Externalize a structure of the right version */
switch (version) {
@@ -112,7 +112,7 @@
retval = generic_gss_add_buffer_set_member(minor_status, &rep, data_set);
if (GSS_ERROR(retval))
- goto error_out;
+ goto error_out;
error_out:
if (*minor_status == 0)
@@ -134,7 +134,7 @@
OM_uint32 retval;
krb5_error_code kret = 0;
int version;
- void *kctx;
+ void *kctx;
/* Assume failure */
retval = GSS_S_FAILURE;
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/seal.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/seal.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/seal.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -48,35 +48,35 @@
/* AEAD interfaces */
OM_uint32
krb5_gss_wrap_iov(OM_uint32 *minor_status,
- gss_ctx_id_t context_handle,
- int conf_req_flag,
- gss_qop_t qop_req,
- int *conf_state,
- gss_iov_buffer_desc *iov,
- int iov_count)
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count)
{
OM_uint32 major_status;
major_status = kg_seal_iov(minor_status, context_handle, conf_req_flag,
- qop_req, conf_state,
- iov, iov_count, KG_TOK_WRAP_MSG);
+ qop_req, conf_state,
+ iov, iov_count, KG_TOK_WRAP_MSG);
return major_status;
}
OM_uint32
krb5_gss_wrap_iov_length(OM_uint32 *minor_status,
- gss_ctx_id_t context_handle,
- int conf_req_flag,
- gss_qop_t qop_req,
- int *conf_state,
- gss_iov_buffer_desc *iov,
- int iov_count)
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count)
{
OM_uint32 major_status;
major_status = kg_seal_iov_length(minor_status, context_handle, conf_req_flag,
- qop_req, conf_state, iov, iov_count);
+ qop_req, conf_state, iov, iov_count);
return major_status;
}
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/ser_sctx.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/ser_sctx.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/ser_sctx.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -342,16 +342,16 @@
KV5M_KEYBLOCK,
(krb5_pointer) ctx->acceptor_subkey,
&required);
- if (!kret && ctx->authdata) {
- krb5_int32 i;
+ if (!kret && ctx->authdata) {
+ krb5_int32 i;
- for (i = 0; !kret && ctx->authdata[i]; i++) {
- kret = krb5_size_opaque(kcontext,
- KV5M_AUTHDATA,
- (krb5_pointer)ctx->authdata[i],
- &required);
- }
- }
+ for (i = 0; !kret && ctx->authdata[i]; i++) {
+ kret = krb5_size_opaque(kcontext,
+ KV5M_AUTHDATA,
+ (krb5_pointer)ctx->authdata[i],
+ &required);
+ }
+ }
if (!kret)
*sizep += required;
}
@@ -498,25 +498,25 @@
if (!kret)
kret = krb5_ser_pack_int32((krb5_int32) ctx->cred_rcache,
&bp, &remain);
- if (!kret) {
- krb5_int32 i = 0;
+ if (!kret) {
+ krb5_int32 i = 0;
- if (ctx->authdata) {
- for (; ctx->authdata[i]; i++)
- ;
- }
- /* authdata count */
- kret = krb5_ser_pack_int32(i, &bp, &remain);
- if (!kret && ctx->authdata) {
- /* authdata */
- for (i = 0; !kret && ctx->authdata[i]; i++)
- kret = krb5_externalize_opaque(kcontext,
- KV5M_AUTHDATA,
- ctx->authdata[i],
- &bp,
- &remain);
- }
- }
+ if (ctx->authdata) {
+ for (; ctx->authdata[i]; i++)
+ ;
+ }
+ /* authdata count */
+ kret = krb5_ser_pack_int32(i, &bp, &remain);
+ if (!kret && ctx->authdata) {
+ /* authdata */
+ for (i = 0; !kret && ctx->authdata[i]; i++)
+ kret = krb5_externalize_opaque(kcontext,
+ KV5M_AUTHDATA,
+ ctx->authdata[i],
+ &bp,
+ &remain);
+ }
+ }
/* trailer */
if (!kret)
kret = krb5_ser_pack_int32(KG_CONTEXT, &bp, &remain);
@@ -697,27 +697,27 @@
if (!kret)
kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
ctx->cred_rcache = ibuf;
- /* authdata */
+ /* authdata */
if (!kret)
kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- if (!kret) {
- krb5_int32 nadata = ibuf, i;
+ if (!kret) {
+ krb5_int32 nadata = ibuf, i;
- if (nadata > 0) {
- ctx->authdata = (krb5_authdata **)calloc((size_t)nadata + 1,
- sizeof(krb5_authdata *));
- if (ctx->authdata == NULL) {
- kret = ENOMEM;
- } else {
- for (i = 0; !kret && i < nadata; i++)
- kret = krb5_internalize_opaque(kcontext,
- KV5M_AUTHDATA,
- (krb5_pointer *)&ctx->authdata[i],
- &bp,
- &remain);
- }
- }
- }
+ if (nadata > 0) {
+ ctx->authdata = (krb5_authdata **)calloc((size_t)nadata + 1,
+ sizeof(krb5_authdata *));
+ if (ctx->authdata == NULL) {
+ kret = ENOMEM;
+ } else {
+ for (i = 0; !kret && i < nadata; i++)
+ kret = krb5_internalize_opaque(kcontext,
+ KV5M_AUTHDATA,
+ (krb5_pointer *)&ctx->authdata[i],
+ &bp,
+ &remain);
+ }
+ }
+ }
/* Get trailer */
if (!kret)
kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
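Review bot: `nadata` is taken directly from the serialized context (`krb5_int32 nadata = ibuf`) and used as the `calloc` element count with no upper bound, so a corrupt or hostile exported context can request a very large allocation before any authdata element is parsed. A negative count is also accepted silently, as if no authdata were present. I would reject implausible counts first, e.g. `if (nadata < 0 || (size_t)nadata > remain) kret = EINVAL;`, assuming `remain` is the unread byte count as the unpack calls suggest. The enclosing function starts and ends outside this hunk.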
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/set_ccache.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/set_ccache.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/set_ccache.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -33,9 +33,9 @@
OM_uint32 KRB5_CALLCONV
gss_krb5int_ccache_name(OM_uint32 *minor_status,
- const gss_OID desired_mech,
- const gss_OID desired_object,
- gss_buffer_t value)
+ const gss_OID desired_mech,
+ const gss_OID desired_object,
+ gss_buffer_t value)
{
char *old_name = NULL;
OM_uint32 err = 0;
@@ -52,7 +52,7 @@
assert(value->length == sizeof(*req));
if (value->length != sizeof(*req))
- return GSS_S_FAILURE;
+ return GSS_S_FAILURE;
req = (struct krb5_gss_ccache_name_req *)value->value;
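Review bot: `assert(value->length == sizeof(*req));` is applied to a caller-supplied buffer and is immediately followed by a runtime check of the same condition. In builds with assertions enabled, a wrong-sized request aborts the process instead of returning `GSS_S_FAILURE`. I would drop the assert and keep the `if`, and set `*minor_status = EINVAL;` before the return so the caller gets a defined minor status. The rest of the function is outside this hunk.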
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/sign.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/sign.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/sign.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -45,33 +45,33 @@
#if 0
OM_uint32
krb5_gss_get_mic_iov(OM_uint32 *minor_status,
- gss_ctx_id_t context_handle,
- gss_qop_t qop_req,
- gss_iov_buffer_desc *iov,
- int iov_count)
+ gss_ctx_id_t context_handle,
+ gss_qop_t qop_req,
+ gss_iov_buffer_desc *iov,
+ int iov_count)
{
OM_uint32 major_status;
major_status = kg_seal_iov(minor_status, context_handle, FALSE,
- qop_req, NULL,
- iov, iov_count, KG_TOK_MIC_MSG);
+ qop_req, NULL,
+ iov, iov_count, KG_TOK_MIC_MSG);
return major_status;
}
OM_uint32
krb5_gss_get_mic_iov_length(OM_uint32 *minor_status,
- gss_ctx_id_t context_handle,
- int conf_req_flag,
- gss_qop_t qop_req,
- int *conf_state,
- gss_iov_buffer_desc *iov,
- int iov_count)
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count)
{
OM_uint32 major_status;
major_status = kg_seal_iov_length(minor_status, context_handle, conf_req_flag,
- qop_req, conf_state, iov, iov_count);
+ qop_req, conf_state, iov, iov_count);
return major_status;
}
#endif
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/unseal.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/unseal.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/unseal.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -50,17 +50,17 @@
/* AEAD interface */
OM_uint32
krb5_gss_unwrap_iov(OM_uint32 *minor_status,
- gss_ctx_id_t context_handle,
- int *conf_state,
- gss_qop_t *qop_state,
- gss_iov_buffer_desc *iov,
- int iov_count)
+ gss_ctx_id_t context_handle,
+ int *conf_state,
+ gss_qop_t *qop_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count)
{
OM_uint32 major_status;
major_status = kg_unseal_iov(minor_status, context_handle,
- conf_state, qop_state,
- iov, iov_count, KG_TOK_WRAP_MSG);
+ conf_state, qop_state,
+ iov, iov_count, KG_TOK_WRAP_MSG);
return major_status;
}
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/util_cksum.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/util_cksum.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/util_cksum.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -110,15 +110,15 @@
krb5_error_code
kg_make_checksum_iov_v1(krb5_context context,
- krb5_cksumtype type,
- size_t cksum_len,
- krb5_keyblock *seq,
- krb5_keyblock *enc,
- krb5_keyusage sign_usage,
- gss_iov_buffer_desc *iov,
- int iov_count,
- int toktype,
- krb5_checksum *checksum)
+ krb5_cksumtype type,
+ size_t cksum_len,
+ krb5_keyblock *seq,
+ krb5_keyblock *enc,
+ krb5_keyusage sign_usage,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ int toktype,
+ krb5_checksum *checksum)
{
krb5_error_code code;
gss_iov_buffer_desc *header;
@@ -133,19 +133,19 @@
kiov_count = 3 + iov_count;
kiov = (krb5_crypto_iov *)xmalloc(kiov_count * sizeof(krb5_crypto_iov));
if (kiov == NULL)
- return ENOMEM;
+ return ENOMEM;
/* Checksum over ( Header | Confounder | Data | Pad ) */
if (toktype == KG_TOK_WRAP_MSG)
- conf_len = kg_confounder_size(context, (krb5_keyblock *)enc);
+ conf_len = kg_confounder_size(context, (krb5_keyblock *)enc);
/* Checksum output */
kiov[i].flags = KRB5_CRYPTO_TYPE_CHECKSUM;
kiov[i].data.length = checksum->length;
kiov[i].data.data = xmalloc(checksum->length);
if (kiov[i].data.data == NULL) {
- xfree(kiov);
- return ENOMEM;
+ xfree(kiov);
+ return ENOMEM;
}
i++;
@@ -160,25 +160,25 @@
/* Confounder */
if (toktype == KG_TOK_WRAP_MSG) {
- kiov[i].flags = KRB5_CRYPTO_TYPE_DATA;
- kiov[i].data.length = conf_len;
- kiov[i].data.data = (char *)header->buffer.value + header->buffer.length - conf_len;
- i++;
+ kiov[i].flags = KRB5_CRYPTO_TYPE_DATA;
+ kiov[i].data.length = conf_len;
+ kiov[i].data.data = (char *)header->buffer.value + header->buffer.length - conf_len;
+ i++;
}
for (j = 0; j < iov_count; j++) {
- kiov[i].flags = kg_translate_flag_iov(iov[j].type);
- kiov[i].data.length = iov[j].buffer.length;
- kiov[i].data.data = (char *)iov[j].buffer.value;
- i++;
+ kiov[i].flags = kg_translate_flag_iov(iov[j].type);
+ kiov[i].data.length = iov[j].buffer.length;
+ kiov[i].data.data = (char *)iov[j].buffer.value;
+ i++;
}
code = krb5_c_make_checksum_iov(context, type, seq, sign_usage, kiov, kiov_count);
if (code == 0) {
- checksum->length = kiov[0].data.length;
- checksum->contents = (unsigned char *)kiov[0].data.data;
+ checksum->length = kiov[0].data.length;
+ checksum->contents = (unsigned char *)kiov[0].data.data;
} else
- free(kiov[0].data.data);
+ free(kiov[0].data.data);
xfree(kiov);
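Review bot: `krb5_c_make_checksum_iov` is called with `kiov_count`, which the previous hunk sets to `3 + iov_count`, but the confounder slot is filled only when `toktype == KG_TOK_WRAP_MSG`. If the lines between the hunks add just the header entry, any other token type fills `2 + iov_count` entries and the last element of the `xmalloc`'d array is passed uninitialized. Passing the number of entries actually written, `krb5_c_make_checksum_iov(context, type, seq, sign_usage, kiov, i);`, avoids this. Separately, the failure path frees `kiov[0].data.data` with `free` while the allocation used `xmalloc`; `xfree` would be consistent. The function begins before this hunk and its return is after it.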
@@ -187,14 +187,14 @@
static krb5_error_code
checksum_iov_v3(krb5_context context,
- krb5_cksumtype type,
- size_t rrc,
- krb5_keyblock *key,
- krb5_keyusage sign_usage,
- gss_iov_buffer_desc *iov,
- int iov_count,
- krb5_boolean verify,
- krb5_boolean *valid)
+ krb5_cksumtype type,
+ size_t rrc,
+ krb5_keyblock *key,
+ krb5_keyusage sign_usage,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ krb5_boolean verify,
+ krb5_boolean *valid)
{
krb5_error_code code;
gss_iov_buffer_desc *header;
@@ -205,11 +205,11 @@
unsigned int k5_checksumlen;
if (verify)
- *valid = FALSE;
+ *valid = FALSE;
code = krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_CHECKSUM, &k5_checksumlen);
if (code != 0)
- return code;
+ return code;
header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
assert(header != NULL);
@@ -218,26 +218,26 @@
assert(rrc != 0 || trailer != NULL);
if (trailer == NULL) {
- if (rrc != k5_checksumlen)
- return KRB5_BAD_MSIZE;
- if (header->buffer.length != 16 + k5_checksumlen)
- return KRB5_BAD_MSIZE;
+ if (rrc != k5_checksumlen)
+ return KRB5_BAD_MSIZE;
+ if (header->buffer.length != 16 + k5_checksumlen)
+ return KRB5_BAD_MSIZE;
} else if (trailer->buffer.length != k5_checksumlen)
- return KRB5_BAD_MSIZE;
+ return KRB5_BAD_MSIZE;
kiov_count = 2 + iov_count;
kiov = (krb5_crypto_iov *)xmalloc(kiov_count * sizeof(krb5_crypto_iov));
if (kiov == NULL)
- return ENOMEM;
+ return ENOMEM;
/* Checksum over ( Data | Header ) */
/* Data */
for (j = 0; j < iov_count; j++) {
- kiov[i].flags = kg_translate_flag_iov(iov[j].type);
- kiov[i].data.length = iov[j].buffer.length;
- kiov[i].data.data = (char *)iov[j].buffer.value;
- i++;
+ kiov[i].flags = kg_translate_flag_iov(iov[j].type);
+ kiov[i].data.length = iov[j].buffer.length;
+ kiov[i].data.data = (char *)iov[j].buffer.value;
+ i++;
}
/* Header */
@@ -249,18 +249,18 @@
/* Checksum */
kiov[i].flags = KRB5_CRYPTO_TYPE_CHECKSUM;
if (trailer == NULL) {
- kiov[i].data.length = header->buffer.length - 16;
- kiov[i].data.data = (char *)header->buffer.value + 16;
+ kiov[i].data.length = header->buffer.length - 16;
+ kiov[i].data.data = (char *)header->buffer.value + 16;
} else {
- kiov[i].data.length = trailer->buffer.length;
- kiov[i].data.data = (char *)trailer->buffer.value;
+ kiov[i].data.length = trailer->buffer.length;
+ kiov[i].data.data = (char *)trailer->buffer.value;
}
i++;
if (verify)
- code = krb5_c_verify_checksum_iov(context, type, key, sign_usage, kiov, kiov_count, valid);
+ code = krb5_c_verify_checksum_iov(context, type, key, sign_usage, kiov, kiov_count, valid);
else
- code = krb5_c_make_checksum_iov(context, type, key, sign_usage, kiov, kiov_count);
+ code = krb5_c_make_checksum_iov(context, type, key, sign_usage, kiov, kiov_count);
xfree(kiov);
@@ -269,27 +269,27 @@
krb5_error_code
kg_make_checksum_iov_v3(krb5_context context,
- krb5_cksumtype type,
- size_t rrc,
- krb5_keyblock *key,
- krb5_keyusage sign_usage,
- gss_iov_buffer_desc *iov,
- int iov_count)
+ krb5_cksumtype type,
+ size_t rrc,
+ krb5_keyblock *key,
+ krb5_keyusage sign_usage,
+ gss_iov_buffer_desc *iov,
+ int iov_count)
{
return checksum_iov_v3(context, type, rrc, key,
- sign_usage, iov, iov_count, 0, NULL);
+ sign_usage, iov, iov_count, 0, NULL);
}
krb5_error_code
kg_verify_checksum_iov_v3(krb5_context context,
- krb5_cksumtype type,
- size_t rrc,
- krb5_keyblock *key,
- krb5_keyusage sign_usage,
- gss_iov_buffer_desc *iov,
- int iov_count,
- krb5_boolean *valid)
+ krb5_cksumtype type,
+ size_t rrc,
+ krb5_keyblock *key,
+ krb5_keyusage sign_usage,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ krb5_boolean *valid)
{
return checksum_iov_v3(context, type, rrc, key,
- sign_usage, iov, iov_count, 1, valid);
+ sign_usage, iov, iov_count, 1, valid);
}
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/util_crypt.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/util_crypt.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/util_crypt.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -58,37 +58,37 @@
static krb5_error_code
kg_copy_keys(krb5_context context,
- krb5_gss_ctx_id_rec *ctx,
- krb5_keyblock *subkey)
+ krb5_gss_ctx_id_rec *ctx,
+ krb5_keyblock *subkey)
{
krb5_error_code code;
if (ctx->enc != NULL) {
- krb5_free_keyblock(context, ctx->enc);
- ctx->enc = NULL;
+ krb5_free_keyblock(context, ctx->enc);
+ ctx->enc = NULL;
}
code = krb5_copy_keyblock(context, subkey, &ctx->enc);
if (code != 0)
- return code;
+ return code;
if (ctx->seq != NULL) {
- krb5_free_keyblock(context, ctx->seq);
- ctx->seq = NULL;
+ krb5_free_keyblock(context, ctx->seq);
+ ctx->seq = NULL;
}
code = krb5_copy_keyblock(context, subkey, &ctx->seq);
if (code != 0)
- return code;
+ return code;
return 0;
}
krb5_error_code
kg_setup_keys(krb5_context context,
- krb5_gss_ctx_id_rec *ctx,
- krb5_keyblock *subkey,
- krb5_cksumtype *cksumtype)
+ krb5_gss_ctx_id_rec *ctx,
+ krb5_keyblock *subkey,
+ krb5_cksumtype *cksumtype)
{
krb5_error_code code;
unsigned int i;
@@ -101,61 +101,61 @@
ctx->proto = 0;
if (ctx->enc == NULL) {
- ctx->signalg = -1;
- ctx->sealalg = -1;
+ ctx->signalg = -1;
+ ctx->sealalg = -1;
}
-
+
code = krb5int_accessor(&kaccess, KRB5INT_ACCESS_VERSION);
if (code != 0)
- return code;
+ return code;
code = (*kaccess.krb5int_c_mandatory_cksumtype)(context, subkey->enctype,
- cksumtype);
+ cksumtype);
if (code != 0)
- return code;
+ return code;
switch (subkey->enctype) {
case ENCTYPE_DES_CBC_MD5:
case ENCTYPE_DES_CBC_MD4:
case ENCTYPE_DES_CBC_CRC:
- code = kg_copy_keys(context, ctx, subkey);
- if (code != 0)
- return code;
+ code = kg_copy_keys(context, ctx, subkey);
+ if (code != 0)
+ return code;
- ctx->enc->enctype = ENCTYPE_DES_CBC_RAW;
- ctx->seq->enctype = ENCTYPE_DES_CBC_RAW;
- ctx->signalg = SGN_ALG_DES_MAC_MD5;
- ctx->cksum_size = 8;
- ctx->sealalg = SEAL_ALG_DES;
+ ctx->enc->enctype = ENCTYPE_DES_CBC_RAW;
+ ctx->seq->enctype = ENCTYPE_DES_CBC_RAW;
+ ctx->signalg = SGN_ALG_DES_MAC_MD5;
+ ctx->cksum_size = 8;
+ ctx->sealalg = SEAL_ALG_DES;
- for (i = 0; i < ctx->enc->length; i++)
- /*SUPPRESS 113*/
- ctx->enc->contents[i] ^= 0xF0;
- break;
+ for (i = 0; i < ctx->enc->length; i++)
+ /*SUPPRESS 113*/
+ ctx->enc->contents[i] ^= 0xF0;
+ break;
case ENCTYPE_DES3_CBC_SHA1:
- code = kg_copy_keys(context, ctx, subkey);
- if (code != 0)
- return code;
+ code = kg_copy_keys(context, ctx, subkey);
+ if (code != 0)
+ return code;
- ctx->enc->enctype = ENCTYPE_DES3_CBC_RAW;
- ctx->seq->enctype = ENCTYPE_DES3_CBC_RAW;
- ctx->signalg = SGN_ALG_HMAC_SHA1_DES3_KD;
- ctx->cksum_size = 20;
- ctx->sealalg = SEAL_ALG_DES3KD;
- break;
+ ctx->enc->enctype = ENCTYPE_DES3_CBC_RAW;
+ ctx->seq->enctype = ENCTYPE_DES3_CBC_RAW;
+ ctx->signalg = SGN_ALG_HMAC_SHA1_DES3_KD;
+ ctx->cksum_size = 20;
+ ctx->sealalg = SEAL_ALG_DES3KD;
+ break;
case ENCTYPE_ARCFOUR_HMAC:
case ENCTYPE_ARCFOUR_HMAC_EXP:
- code = kg_copy_keys(context, ctx, subkey);
- if (code != 0)
- return code;
+ code = kg_copy_keys(context, ctx, subkey);
+ if (code != 0)
+ return code;
- ctx->signalg = SGN_ALG_HMAC_MD5;
- ctx->cksum_size = 8;
- ctx->sealalg = SEAL_ALG_MICROSOFT_RC4;
- break;
+ ctx->signalg = SGN_ALG_HMAC_MD5;
+ ctx->cksum_size = 8;
+ ctx->sealalg = SEAL_ALG_MICROSOFT_RC4;
+ break;
default:
- ctx->proto = 1;
- break;
+ ctx->proto = 1;
+ break;
}
return 0;
@@ -170,7 +170,7 @@
size_t blocksize;
/* We special case rc4*/
if (key->enctype == ENCTYPE_ARCFOUR_HMAC ||
- key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP)
+ key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP)
return 8;
code = krb5_c_block_size(context, key->enctype, &blocksize);
if (code)
@@ -190,7 +190,7 @@
confsize = kg_confounder_size(context, key);
if (confsize < 0)
- return KRB5_BAD_MSIZE;
+ return KRB5_BAD_MSIZE;
lrandom.length = confsize;
lrandom.data = (char *)buf;
@@ -314,8 +314,8 @@
goto cleanup_arcfour;
if (exportable) {
- memcpy(t, kg_arcfour_l40, sizeof(kg_arcfour_l40));
- i += sizeof(kg_arcfour_l40);
+ memcpy(t, kg_arcfour_l40, sizeof(kg_arcfour_l40));
+ i += sizeof(kg_arcfour_l40);
}
t[i++] = ms_usage &0xff;
t[i++] = (ms_usage>>8) & 0xff;
@@ -330,7 +330,7 @@
if (code)
goto cleanup_arcfour;
if (exportable)
- memset(usage_key.contents + 7, 0xab, 9);
+ memset(usage_key.contents + 7, 0xab, 9);
input.data = ( void *) kd_data;
input.length = kd_data_len;
@@ -380,7 +380,7 @@
assert(header != NULL);
if (header->buffer.length < conf_len)
- return KRB5_BAD_MSIZE;
+ return KRB5_BAD_MSIZE;
trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
assert(trailer == NULL || trailer->buffer.length == 0);
@@ -388,7 +388,7 @@
kiov_count = 3 + iov_count;
kiov = (krb5_crypto_iov *)malloc(kiov_count * sizeof(krb5_crypto_iov));
if (kiov == NULL)
- return ENOMEM;
+ return ENOMEM;
/* For pre-CFX (raw enctypes) there is no krb5 header */
kiov[i].flags = KRB5_CRYPTO_TYPE_HEADER;
@@ -403,13 +403,13 @@
i++;
for (j = 0; j < iov_count; j++) {
- kiov[i].flags = kg_translate_flag_iov(iov[j].type);
- if (kiov[i].flags == KRB5_CRYPTO_TYPE_EMPTY)
- continue;
+ kiov[i].flags = kg_translate_flag_iov(iov[j].type);
+ if (kiov[i].flags == KRB5_CRYPTO_TYPE_EMPTY)
+ continue;
- kiov[i].data.length = iov[j].buffer.length;
- kiov[i].data.data = (char *)iov[j].buffer.value;
- i++;
+ kiov[i].data.length = iov[j].buffer.length;
+ kiov[i].data.data = (char *)iov[j].buffer.value;
+ i++;
}
kiov[i].flags = KRB5_CRYPTO_TYPE_TRAILER;
@@ -426,9 +426,9 @@
static krb5_error_code
kg_translate_iov_v3(context, dce_style, ec, rrc, key, iov, iov_count, pkiov, pkiov_count)
krb5_context context;
- int dce_style; /* DCE_STYLE indicates actual RRC is EC + RRC */
- size_t ec; /* Extra rotate count for DCE_STYLE, pad length otherwise */
- size_t rrc; /* Rotate count */
+ int dce_style; /* DCE_STYLE indicates actual RRC is EC + RRC */
+ size_t ec; /* Extra rotate count for DCE_STYLE, pad length otherwise */
+ size_t rrc; /* Rotate count */
const krb5_keyblock *key;
gss_iov_buffer_desc *iov;
int iov_count;
@@ -455,11 +455,11 @@
code = krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_HEADER, &k5_headerlen);
if (code != 0)
- return code;
+ return code;
code = krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_TRAILER, &k5_trailerlen);
if (code != 0)
- return code;
+ return code;
/* Check header and trailer sizes */
gss_headerlen = 16 /* GSS-Header */ + k5_headerlen; /* Kerb-Header */
@@ -467,28 +467,28 @@
/* If we're caller without a trailer, we must rotate by trailer length */
if (trailer == NULL) {
- size_t actual_rrc = rrc;
+ size_t actual_rrc = rrc;
- if (dce_style)
- actual_rrc += ec; /* compensate for Windows bug */
+ if (dce_style)
+ actual_rrc += ec; /* compensate for Windows bug */
- if (actual_rrc != gss_trailerlen)
- return KRB5_BAD_MSIZE;
+ if (actual_rrc != gss_trailerlen)
+ return KRB5_BAD_MSIZE;
- gss_headerlen += gss_trailerlen;
- gss_trailerlen = 0;
+ gss_headerlen += gss_trailerlen;
+ gss_trailerlen = 0;
} else {
- if (trailer->buffer.length != gss_trailerlen)
- return KRB5_BAD_MSIZE;
+ if (trailer->buffer.length != gss_trailerlen)
+ return KRB5_BAD_MSIZE;
}
if (header->buffer.length != gss_headerlen)
- return KRB5_BAD_MSIZE;
+ return KRB5_BAD_MSIZE;
kiov_count = 3 + iov_count;
kiov = (krb5_crypto_iov *)malloc(kiov_count * sizeof(krb5_crypto_iov));
if (kiov == NULL)
- return ENOMEM;
+ return ENOMEM;
/*
* The krb5 header is located at the end of the GSS header.
@@ -499,13 +499,13 @@
i++;
for (j = 0; j < iov_count; j++) {
- kiov[i].flags = kg_translate_flag_iov(iov[j].type);
- if (kiov[i].flags == KRB5_CRYPTO_TYPE_EMPTY)
- continue;
+ kiov[i].flags = kg_translate_flag_iov(iov[j].type);
+ if (kiov[i].flags == KRB5_CRYPTO_TYPE_EMPTY)
+ continue;
- kiov[i].data.length = iov[j].buffer.length;
- kiov[i].data.data = (char *)iov[j].buffer.value;
- i++;
+ kiov[i].data.length = iov[j].buffer.length;
+ kiov[i].data.data = (char *)iov[j].buffer.value;
+ i++;
}
/*
@@ -516,9 +516,9 @@
kiov[i].flags = KRB5_CRYPTO_TYPE_DATA;
kiov[i].data.length = ec + 16; /* E(Header) */
if (trailer == NULL)
- kiov[i].data.data = (char *)header->buffer.value + 16;
+ kiov[i].data.data = (char *)header->buffer.value + 16;
else
- kiov[i].data.data = (char *)trailer->buffer.value;
+ kiov[i].data.data = (char *)trailer->buffer.value;
i++;
/*
@@ -539,7 +539,7 @@
static krb5_error_code
kg_translate_iov(context, proto, dce_style, ec, rrc, key, iov, iov_count, pkiov, pkiov_count)
krb5_context context;
- int proto; /* 1 if CFX, 0 for pre-CFX */
+ int proto; /* 1 if CFX, 0 for pre-CFX */
int dce_style;
size_t ec;
size_t rrc;
@@ -550,8 +550,8 @@
size_t *pkiov_count;
{
return proto ?
- kg_translate_iov_v3(context, dce_style, ec, rrc, key, iov, iov_count, pkiov, pkiov_count) :
- kg_translate_iov_v1(context, key, iov, iov_count, pkiov, pkiov_count);
+ kg_translate_iov_v3(context, dce_style, ec, rrc, key, iov, iov_count, pkiov, pkiov_count) :
+ kg_translate_iov_v1(context, key, iov, iov_count, pkiov, pkiov_count);
}
krb5_error_code
@@ -589,10 +589,10 @@
}
code = kg_translate_iov(context, proto, dce_style, ec, rrc, key,
- iov, iov_count, &kiov, &kiov_count);
+ iov, iov_count, &kiov, &kiov_count);
if (code == 0) {
- code = krb5_c_encrypt_iov(context, key, usage, pivd, kiov, kiov_count);
- free(kiov);
+ code = krb5_c_encrypt_iov(context, key, usage, pivd, kiov, kiov_count);
+ free(kiov);
}
if (pivd != NULL)
@@ -638,10 +638,10 @@
}
code = kg_translate_iov(context, proto, dce_style, ec, rrc, key,
- iov, iov_count, &kiov, &kiov_count);
+ iov, iov_count, &kiov, &kiov_count);
if (code == 0) {
- code = krb5_c_decrypt_iov(context, key, usage, pivd, kiov, kiov_count);
- free(kiov);
+ code = krb5_c_decrypt_iov(context, key, usage, pivd, kiov, kiov_count);
+ free(kiov);
}
if (pivd != NULL)
@@ -652,7 +652,7 @@
krb5_error_code
kg_arcfour_docrypt_iov (krb5_context context,
- const krb5_keyblock *longterm_key , int ms_usage,
+ const krb5_keyblock *longterm_key , int ms_usage,
const unsigned char *kd_data, size_t kd_data_len,
gss_iov_buffer_desc *iov, int iov_count)
{
@@ -681,8 +681,8 @@
goto cleanup_arcfour;
if (exportable) {
- memcpy(t, kg_arcfour_l40, sizeof(kg_arcfour_l40));
- i += sizeof(kg_arcfour_l40);
+ memcpy(t, kg_arcfour_l40, sizeof(kg_arcfour_l40));
+ i += sizeof(kg_arcfour_l40);
}
t[i++] = ms_usage &0xff;
t[i++] = (ms_usage>>8) & 0xff;
@@ -697,7 +697,7 @@
if (code)
goto cleanup_arcfour;
if (exportable)
- memset(usage_key.contents + 7, 0xab, 9);
+ memset(usage_key.contents + 7, 0xab, 9);
input.data = ( void *) kd_data;
input.length = kd_data_len;
@@ -708,10 +708,10 @@
goto cleanup_arcfour;
code = kg_translate_iov(context, 0 /* proto */, 0 /* dce_style */,
- 0 /* ec */, 0 /* rrc */, longterm_key,
- iov, iov_count, &kiov, &kiov_count);
+ 0 /* ec */, 0 /* rrc */, longterm_key,
+ iov, iov_count, &kiov, &kiov_count);
if (code)
- goto cleanup_arcfour;
+ goto cleanup_arcfour;
code = ((*kaccess.arcfour_enc_provider->encrypt_iov)(
&seq_enc_key, 0,
@@ -722,7 +722,7 @@
free ((void *) usage_key.contents);
free ((void *) seq_enc_key.contents);
if (kiov != NULL)
- free(kiov);
+ free(kiov);
return (code);
}
@@ -734,14 +734,14 @@
switch (GSS_IOV_BUFFER_TYPE(type)) {
case GSS_IOV_BUFFER_TYPE_DATA:
case GSS_IOV_BUFFER_TYPE_PADDING:
- ktype = KRB5_CRYPTO_TYPE_DATA;
- break;
+ ktype = KRB5_CRYPTO_TYPE_DATA;
+ break;
case GSS_IOV_BUFFER_TYPE_SIGN_ONLY:
- ktype = KRB5_CRYPTO_TYPE_SIGN_ONLY;
- break;
+ ktype = KRB5_CRYPTO_TYPE_SIGN_ONLY;
+ break;
default:
- ktype = KRB5_CRYPTO_TYPE_EMPTY;
- break;
+ ktype = KRB5_CRYPTO_TYPE_EMPTY;
+ break;
}
return ktype;
@@ -749,22 +749,22 @@
gss_iov_buffer_t
kg_locate_iov(gss_iov_buffer_desc *iov,
- int iov_count,
- OM_uint32 type)
+ int iov_count,
+ OM_uint32 type)
{
int i;
gss_iov_buffer_t p = GSS_C_NO_IOV_BUFFER;
if (iov == GSS_C_NO_IOV_BUFFER)
- return GSS_C_NO_IOV_BUFFER;
+ return GSS_C_NO_IOV_BUFFER;
for (i = iov_count - 1; i >= 0; i--) {
- if (GSS_IOV_BUFFER_TYPE(iov[i].type) == type) {
- if (p == GSS_C_NO_IOV_BUFFER)
- p = &iov[i];
- else
- return GSS_C_NO_IOV_BUFFER;
- }
+ if (GSS_IOV_BUFFER_TYPE(iov[i].type) == type) {
+ if (p == GSS_C_NO_IOV_BUFFER)
+ p = &iov[i];
+ else
+ return GSS_C_NO_IOV_BUFFER;
+ }
}
return p;
@@ -772,9 +772,9 @@
void
kg_iov_msglen(gss_iov_buffer_desc *iov,
- int iov_count,
- size_t *data_length_p,
- size_t *assoc_data_length_p)
+ int iov_count,
+ size_t *data_length_p,
+ size_t *assoc_data_length_p)
{
int i;
size_t data_length = 0, assoc_data_length = 0;
@@ -784,14 +784,14 @@
*data_length_p = *assoc_data_length_p = 0;
for (i = 0; i < iov_count; i++) {
- OM_uint32 type = GSS_IOV_BUFFER_TYPE(iov[i].type);
+ OM_uint32 type = GSS_IOV_BUFFER_TYPE(iov[i].type);
- if (type == GSS_IOV_BUFFER_TYPE_SIGN_ONLY)
- assoc_data_length += iov[i].buffer.length;
+ if (type == GSS_IOV_BUFFER_TYPE_SIGN_ONLY)
+ assoc_data_length += iov[i].buffer.length;
- if (type == GSS_IOV_BUFFER_TYPE_DATA ||
- type == GSS_IOV_BUFFER_TYPE_SIGN_ONLY)
- data_length += iov[i].buffer.length;
+ if (type == GSS_IOV_BUFFER_TYPE_DATA ||
+ type == GSS_IOV_BUFFER_TYPE_SIGN_ONLY)
+ data_length += iov[i].buffer.length;
}
*data_length_p = data_length;
@@ -807,17 +807,17 @@
assert(iov != GSS_C_NO_IOV_BUFFER);
for (i = 0; i < iov_count; i++) {
- if (iov[i].type & GSS_IOV_BUFFER_FLAG_ALLOCATED) {
- gss_release_buffer(&min_stat, &iov[i].buffer);
- iov[i].type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED);
- }
+ if (iov[i].type & GSS_IOV_BUFFER_FLAG_ALLOCATED) {
+ gss_release_buffer(&min_stat, &iov[i].buffer);
+ iov[i].type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED);
+ }
}
}
OM_uint32
kg_fixup_padding_iov(OM_uint32 *minor_status,
- gss_iov_buffer_desc *iov,
- int iov_count)
+ gss_iov_buffer_desc *iov,
+ int iov_count)
{
gss_iov_buffer_t padding = NULL;
gss_iov_buffer_t data = NULL;
@@ -829,13 +829,13 @@
padding = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
if (data == NULL) {
- *minor_status = 0;
- return GSS_S_COMPLETE;
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
}
if (padding == NULL || padding->buffer.length == 0) {
- *minor_status = EINVAL;
- return GSS_S_FAILURE;
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
}
p = (unsigned char *)padding->buffer.value;
@@ -843,8 +843,8 @@
if (data->buffer.length + padding->buffer.length < padlength ||
padlength == 0) {
- *minor_status = (OM_uint32)KRB5_BAD_MSIZE;
- return GSS_S_DEFECTIVE_TOKEN;
+ *minor_status = (OM_uint32)KRB5_BAD_MSIZE;
+ return GSS_S_DEFECTIVE_TOKEN;
}
/*
@@ -860,15 +860,15 @@
*
* eg. if the buffers are structured as follows:
*
- * +---DATA---+-PAD-+
- * | ABCDE444 | 4 |
- * +----------+-----+
+ * +---DATA---+-PAD-+
+ * | ABCDE444 | 4 |
+ * +----------+-----+
*
* after compensation they would look like:
*
- * +-DATA--+-PAD--+
- * | ABCDE | NULL |
- * +-------+------+
+ * +-DATA--+-PAD--+
+ * | ABCDE | NULL |
+ * +-------+------+
*/
relative_padlength = padlength - padding->buffer.length;
@@ -877,8 +877,8 @@
data->buffer.length -= relative_padlength;
if (padding->type & GSS_IOV_BUFFER_FLAG_ALLOCATED) {
- gss_release_buffer(&minor, &padding->buffer);
- padding->type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED);
+ gss_release_buffer(&minor, &padding->buffer);
+ padding->type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED);
}
padding->buffer.length = 0;
@@ -896,7 +896,7 @@
case KG_TOK_SIGN_MSG:
toktype2 = KG2_TOK_MIC_MSG;
break;
- case KG_TOK_WRAP_MSG:
+ case KG_TOK_WRAP_MSG:
toktype2 = KG2_TOK_WRAP_MSG;
break;
case KG_TOK_DEL_CTX:
@@ -920,10 +920,10 @@
assert(iov != GSS_C_NO_IOV_BUFFER);
for (i = 0; i < iov_count; i++) {
- if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_DATA) {
- has_conf_data = TRUE;
- break;
- }
+ if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_DATA) {
+ has_conf_data = TRUE;
+ break;
+ }
}
return (has_conf_data == FALSE);
@@ -937,8 +937,8 @@
iov->buffer.length = size;
iov->buffer.value = xmalloc(size);
if (iov->buffer.value == NULL) {
- iov->buffer.length = 0;
- return ENOMEM;
+ iov->buffer.length = 0;
+ return ENOMEM;
}
iov->type |= GSS_IOV_BUFFER_FLAG_ALLOCATED;
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/util_seed.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/util_seed.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/util_seed.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -40,12 +40,12 @@
code = krb5_copy_keyblock(context, key, &tmpkey);
if (code)
- return(code);
+ return(code);
/* reverse the key bytes, as per spec */
for (i=0; i<tmpkey->length; i++)
- tmpkey->contents[i] = key->contents[key->length - 1 - i];
+ tmpkey->contents[i] = key->contents[key->length - 1 - i];
code = kg_encrypt(context, tmpkey, KG_USAGE_SEAL, NULL, zeros, seed, 16);
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/util_seqnum.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/util_seqnum.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/util_seqnum.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -45,7 +45,7 @@
plain[6] = direction;
plain[7] = direction;
if (key->enctype == ENCTYPE_ARCFOUR_HMAC ||
- key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
+ key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
/* Yes, Microsoft used big-endian sequence number.*/
plain[0] = (seqnum>>24) & 0xff;
plain[1] = (seqnum>>16) & 0xff;
@@ -78,7 +78,7 @@
unsigned char plain[8];
if (key->enctype == ENCTYPE_ARCFOUR_HMAC ||
- key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
+ key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
code = kg_arcfour_docrypt (key, 0,
cksum, 8,
buf, 8,
@@ -96,7 +96,7 @@
*direction = plain[4];
if (key->enctype == ENCTYPE_ARCFOUR_HMAC ||
- key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
+ key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
*seqnum = (plain[3]|(plain[2]<<8) | (plain[1]<<16)| (plain[0]<<24));
} else {
*seqnum = ((plain[0]) |
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/verify.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/verify.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/verify.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -49,16 +49,16 @@
#if 0
OM_uint32
krb5_gss_verify_mic_iov(OM_uint32 *minor_status,
- gss_ctx_id_t context_handle,
- gss_qop_t *qop_state,
- gss_iov_buffer_desc *iov,
- int iov_count)
+ gss_ctx_id_t context_handle,
+ gss_qop_t *qop_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count)
{
OM_uint32 major_status;
major_status = kg_unseal_iov(minor_status, context_handle,
- NULL, qop_state,
- iov, iov_count, KG_TOK_WRAP_MSG);
+ NULL, qop_state,
+ iov, iov_count, KG_TOK_WRAP_MSG);
return major_status;
}
Modified: branches/mkey_migrate/src/lib/gssapi/krb5/wrap_size_limit.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/krb5/wrap_size_limit.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/krb5/wrap_size_limit.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -114,10 +114,10 @@
/* Token header: 16 octets. */
if (conf_req_flag) {
- krb5_enctype enctype;
+ krb5_enctype enctype;
- enctype = ctx->have_acceptor_subkey ? ctx->acceptor_subkey->enctype
- : ctx->subkey->enctype;
+ enctype = ctx->have_acceptor_subkey ? ctx->acceptor_subkey->enctype
+ : ctx->subkey->enctype;
while (sz > 0 && krb5_encrypt_size(sz, enctype) + 16 > req_output_size)
sz--;
@@ -135,18 +135,18 @@
sz = 0;
#endif
} else {
- krb5_cksumtype cksumtype;
- krb5_error_code err;
- size_t cksumsize;
+ krb5_cksumtype cksumtype;
+ krb5_error_code err;
+ size_t cksumsize;
- cksumtype = ctx->have_acceptor_subkey ? ctx->acceptor_subkey_cksumtype
- : ctx->cksumtype;
+ cksumtype = ctx->have_acceptor_subkey ? ctx->acceptor_subkey_cksumtype
+ : ctx->cksumtype;
- err = krb5_c_checksum_length(ctx->k5_context, cksumtype, &cksumsize);
- if (err) {
- *minor_status = err;
- return GSS_S_FAILURE;
- }
+ err = krb5_c_checksum_length(ctx->k5_context, cksumtype, &cksumsize);
+ if (err) {
+ *minor_status = err;
+ return GSS_S_FAILURE;
+ }
/* Allow for token header and checksum. */
if (sz < 16 + cksumsize)
Modified: branches/mkey_migrate/src/lib/gssapi/mechglue/g_initialize.c
===================================================================
--- branches/mkey_migrate/src/lib/gssapi/mechglue/g_initialize.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/gssapi/mechglue/g_initialize.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -1111,9 +1111,7 @@
for (endp = modOptions;
*endp && *endp != ']'; endp++);
- if (endp)
- *endp = '\0';
-
+ *endp = '\0';
} else {
modOptions = NULL;
}
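Review bot: The now-unconditional `*endp = '\0';` relies on the scan loop above always leaving `endp` on a valid byte, and nothing at the store says so. When the options text has no closing `]`, the loop stops on the string terminator, so the store is a no-op and the unterminated entry is accepted without any diagnostic. If that tolerance is intended, a comment such as `/* endp is on ']' or on the terminating NUL; a missing ']' is tolerated */` would record it. The empty-bodied `for (...);` is also easy to misread and could be written as `endp = modOptions + strcspn(modOptions, "]");`, assuming `<string.h>` is already included in this file. The enclosing function begins and ends outside the hunk.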
Modified: branches/mkey_migrate/src/lib/kadm5/srv/svr_iters.c
===================================================================
--- branches/mkey_migrate/src/lib/kadm5/srv/svr_iters.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/kadm5/srv/svr_iters.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -192,7 +192,8 @@
char *regexp;
int i, ret;
kadm5_server_handle_t handle = server_handle;
-
+
+ *princs = NULL;
*count = 0;
if (exp == NULL)
exp = "*";
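Review bot: The added `*princs = NULL;` sits next to `*count = 0;` with no comment stating the contract it sets up for callers. If the intent is that every early return leaves both outputs in a defined, safe-to-free state, say so at the stores, e.g. `/* define outputs up front so error returns never hand back an uninitialized list pointer */`. The same applies to the `*mod_princ = NULL;` and `*mod_time = 0;` lines added in the kdb5.c hunk at -2289. Both functions continue outside their hunks, so whether every later return path keeps that guarantee cannot be checked from here.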
Modified: branches/mkey_migrate/src/lib/kadm5/srv/svr_principal.c
===================================================================
--- branches/mkey_migrate/src/lib/kadm5/srv/svr_principal.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/kadm5/srv/svr_principal.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -25,6 +25,12 @@
#endif
+#ifdef USE_VALGRIND
+#include <valgrind/memcheck.h>
+#else
+#define VALGRIND_CHECK_DEFINED(LVALUE) ((void)0)
+#endif
+
extern krb5_principal master_princ;
extern krb5_principal hist_princ;
extern krb5_keylist_node *master_keylist;
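Review bot: The fallback `#define VALGRIND_CHECK_DEFINED(LVALUE) ((void)0)` has no comment, so the `VALGRIND_CHECK_DEFINED(*inprinc);` call added before the `memcpy` in the next hunk can be mistaken for a runtime validation of the input principal. Without `USE_VALGRIND` it expands to nothing, and with it the request only reports when the process runs under memcheck. I would add above the `#ifdef`: `/* Diagnostic only: no-op unless built with USE_VALGRIND; does not validate inprinc at run time. */`.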
@@ -49,6 +55,7 @@
if (tempprinc == 0)
return ENOMEM;
+ VALGRIND_CHECK_DEFINED(*inprinc);
memcpy(tempprinc, inprinc, sizeof(krb5_principal_data));
nelems = (int) krb5_princ_size(context, inprinc);
@@ -72,6 +79,7 @@
if (len)
memcpy(krb5_princ_component(context, tempprinc, i)->data,
krb5_princ_component(context, inprinc, i)->data, len);
+ krb5_princ_component(context, tempprinc, i)->magic = KV5M_DATA;
}
tempprinc->realm.data =
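Review bot: The added `krb5_princ_component(context, tempprinc, i)->magic = KV5M_DATA;` has no comment explaining why this one field is set by hand while the rest of the principal comes from the earlier `memcpy`. Presumably the component array is a fresh allocation whose `magic` would otherwise stay uninitialized. The allocation is outside the hunk, so confirm that before wording the comment, e.g. `/* new component array: magic is not copied from inprinc, set it explicitly */`. The line also repeats the `krb5_princ_component(context, tempprinc, i)` lookup already used in the `memcpy` above; a local pointer to the destination component would make the accesses easier to check. The loop and function start and end outside the hunk.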
Modified: branches/mkey_migrate/src/lib/kdb/kdb5.c
===================================================================
--- branches/mkey_migrate/src/lib/kdb/kdb5.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/kdb/kdb5.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -1770,126 +1770,7 @@
return status;
}
-#if 0 /************** Begin IFDEF'ed OUT *******************************/
-/* XXX WAF: don't think this is needed now that I've modified
- * krb5_def_fetch_mkey_list. Keeping it around just in case. */
-/*
- * get most current master key which may be stored with the master key princ.
- */
-
krb5_error_code
-krb5_db_fetch_latest_mkey(krb5_context context,
- krb5_principal mname,
- krb5_enctype etype,
- krb5_boolean fromkeyboard,
- krb5_boolean twice,
- char * db_args,
- krb5_kvno * kvno,
- krb5_data * salt,
- krb5_keyblock * key)
-{
- krb5_keyblock tmp_mkey, tmp_clearkey;
- krb5_kvno tmp_kvno;
- krb5_db_entry master_entry;
- int nprinc;
- krb5_boolean more, found_key = FALSE;
- krb5_mkey_aux_node *mkey_aux_data_list, *aux_data_entry;
- krb5_error_code retval = 0;
-
- memset(&tmp_mkey, 0, sizeof(tmp_mkey));
- memset(&tmp_clearkey, 0, sizeof(tmp_clearkey));
-
- /* fetch the local mkey either from stash or via keyboard interactive */
- if ((retval = krb5_db_fetch_mkey(context, mname, etype, fromkeyboard,
- twice, db_args, &tmp_kvno, NULL, &tmp_mkey))) {
- return (retval);
- }
-
- nprinc = 1;
- retval = krb5_db_get_principal(context, mname, &master_entry, &nprinc, &more);
- if (retval != 0)
- goto clean_n_exit;
-
- if ((retval = krb5_dbekd_decrypt_key_data(context, &tmp_mkey,
- &master_entry.key_data[0],
- &tmp_clearkey, NULL)) != 0) {
- /*
- * Note the tmp_kvno may provide a hint as to which mkey_aux tuple to
- * decrypt.
- */
- if ((retval = krb5_dbe_lookup_mkey_aux(context, &master_entry, &mkey_aux_data_list)))
- goto clean_n_exit;
-
- /* for performance sake, try decrypting with matching kvno */
- for (aux_data_entry = mkey_aux_data_list; aux_data_entry != NULL;
- aux_data_entry = aux_data_entry->next) {
-
- if (aux_data_entry->mkey_kvno == tmp_kvno) {
- if (krb5_dbekd_decrypt_key_data(context, &tmp_mkey, &aux_data_entry->latest_mkey,
- &tmp_clearkey, NULL) == 0) {
- found_key = TRUE;
- break;
- }
- }
- }
- if (found_key != TRUE) {
- /* given the importance of acquiring the latest mkey, try brute force */
- for (aux_data_entry = mkey_aux_data_list; aux_data_entry != NULL;
- aux_data_entry = aux_data_entry->next) {
-
- if (krb5_dbekd_decrypt_key_data(context, &tmp_mkey, &aux_data_entry->latest_mkey,
- &tmp_clearkey, NULL) == 0) {
- found_key = TRUE;
- /* XXX WAF: should I issue warning about kvno not matching?
- */
- break;
- }
- }
- if (found_key != TRUE) {
- krb5_set_error_message (context, KRB5_KDB_BADMASTERKEY,
- "Unable to decrypt latest master key with the provided master key\n");
- retval = KRB5_KDB_BADMASTERKEY;
- goto clean_n_exit;
- }
- }
-
- if ((retval = krb5_db_verify_master_key(context,
- mname,
- tmp_kvno,
- &tmp_clearkey))) {
- krb5_set_error_message (context, KRB5_KDB_BADMASTERKEY,
- "Failed to verify Latest master key decrypted with the provided master key\n");
- retval = KRB5_KDB_BADMASTERKEY;
- goto clean_n_exit;
- }
- }
-
- key->contents = malloc(tmp_clearkey.length);
- if (key->contents == NULL) {
- retval = ENOMEM;
- goto clean_n_exit;
- }
-
- key->magic = tmp_clearkey.magic;
- key->enctype = tmp_clearkey.enctype;
- key->length = tmp_clearkey.length;
- memcpy(key->contents, tmp_clearkey.contents, tmp_clearkey.length);
-
-clean_n_exit:
- if (tmp_mkey.contents) {
- memset(tmp_mkey.contents, 0, tmp_mkey.length);
- krb5_db_free(context, tmp_mkey.contents);
- }
- if (tmp_clearkey.contents) {
- memset(tmp_clearkey.contents, 0, tmp_clearkey.length);
- krb5_db_free(context, tmp_clearkey.contents);
- }
- krb5_db_free_principal(context, &master_entry, nprinc);
- return (retval);
-}
-#endif /**************** END IFDEF'ed OUT *******************************/
-
-krb5_error_code
krb5_dbe_fetch_act_key_list(krb5_context context,
krb5_principal princ,
krb5_actkvno_node **act_key_list)
@@ -2289,6 +2170,9 @@
krb5_tl_data tl_data;
krb5_error_code code;
+ *mod_princ = NULL;
+ *mod_time = 0;
+
tl_data.tl_data_type = KRB5_TL_MOD_PRINC;
if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
Modified: branches/mkey_migrate/src/lib/krb5/asn.1/asn1_decode.c
===================================================================
--- branches/mkey_migrate/src/lib/krb5/asn.1/asn1_decode.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/krb5/asn.1/asn1_decode.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -269,9 +269,8 @@
retval = asn1buf_remove_octet(buf, &bval);
if (retval) return retval;
-
+
*val = (bval != 0x00);
-
+
cleanup();
}
-
Modified: branches/mkey_migrate/src/lib/krb5/asn.1/asn1_decode.h
===================================================================
--- branches/mkey_migrate/src/lib/krb5/asn.1/asn1_decode.h 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/krb5/asn.1/asn1_decode.h 2009-01-23 19:57:08 UTC (rev 21791)
@@ -61,7 +61,7 @@
asn1_error_code asn1_decode_boolean
- (asn1buf *buf, unsigned int *val);
+ (asn1buf *buf, unsigned int *val);
asn1_error_code asn1_decode_integer
(asn1buf *buf, long *val);
asn1_error_code asn1_decode_unsigned_integer
Modified: branches/mkey_migrate/src/lib/krb5/asn.1/asn1_encode.c
===================================================================
--- branches/mkey_migrate/src/lib/krb5/asn.1/asn1_encode.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/krb5/asn.1/asn1_encode.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -31,7 +31,7 @@
#include "asn1_make.h"
asn1_error_code asn1_encode_boolean(asn1buf *buf, asn1_intmax val,
- unsigned int *retlen)
+ unsigned int *retlen)
{
asn1_error_code retval;
unsigned int length = 0;
@@ -321,10 +321,10 @@
correct byte order, in an allocated krb5_data. */
#ifdef POINTERS_ARE_ALL_THE_SAME
-#define LOADPTR(PTR,TYPE) \
+#define LOADPTR(PTR,TYPE) \
(assert((TYPE)->loadptr != NULL), (TYPE)->loadptr(PTR))
#else
-#define LOADPTR(PTR,TYPE) \
+#define LOADPTR(PTR,TYPE) \
(*(const void *const *)(PTR))
#endif
Modified: branches/mkey_migrate/src/lib/krb5/asn.1/asn1_encode.h
===================================================================
--- branches/mkey_migrate/src/lib/krb5/asn.1/asn1_encode.h 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/krb5/asn.1/asn1_encode.h 2009-01-23 19:57:08 UTC (rev 21791)
@@ -52,7 +52,7 @@
*/
asn1_error_code asn1_encode_boolean
- (asn1buf *buf, asn1_intmax val, unsigned int *retlen);
+ (asn1buf *buf, asn1_intmax val, unsigned int *retlen);
asn1_error_code asn1_encode_integer
(asn1buf *buf, asn1_intmax val, unsigned int *retlen);
/* requires *buf is allocated
Modified: branches/mkey_migrate/src/lib/krb5/asn.1/asn1_k_decode.c
===================================================================
--- branches/mkey_migrate/src/lib/krb5/asn.1/asn1_k_decode.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/krb5/asn.1/asn1_k_decode.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -1193,13 +1193,13 @@
*principal = NULL;
{ begin_structure();
- get_lenfield(newpasswd->length, newpasswd->data, 0, asn1_decode_charstring);
- if (tagnum == 1) {
- alloc_field(*principal, krb5_principal_data);
- opt_field(*principal, 1, asn1_decode_principal_name, 0);
- opt_field(*principal, 2, asn1_decode_realm, 0);
- }
- end_structure();
+ get_lenfield(newpasswd->length, newpasswd->data, 0, asn1_decode_charstring);
+ if (tagnum == 1) {
+ alloc_field(*principal, krb5_principal_data);
+ opt_field(*principal, 1, asn1_decode_principal_name, 0);
+ opt_field(*principal, 2, asn1_decode_realm, 0);
+ }
+ end_structure();
}
cleanup();
}
@@ -1208,11 +1208,11 @@
{
setup();
{ begin_structure();
- get_field(val->user,0,asn1_decode_principal_name);
- get_field(val->user,1,asn1_decode_realm);
- get_field(val->cksum,2,asn1_decode_checksum);
- get_lenfield(val->auth_package.length,val->auth_package.data,3,asn1_decode_generalstring);
- end_structure();
+ get_field(val->user,0,asn1_decode_principal_name);
+ get_field(val->user,1,asn1_decode_realm);
+ get_field(val->cksum,2,asn1_decode_checksum);
+ get_lenfield(val->auth_package.length,val->auth_package.data,3,asn1_decode_generalstring);
+ end_structure();
}
cleanup();
}
@@ -1221,8 +1221,8 @@
{
setup();
{ begin_structure();
- get_field(val->include_pac,0,asn1_decode_boolean);
- end_structure();
+ get_field(val->include_pac,0,asn1_decode_boolean);
+ end_structure();
}
cleanup();
}
Modified: branches/mkey_migrate/src/lib/krb5/asn.1/asn1_k_decode.h
===================================================================
--- branches/mkey_migrate/src/lib/krb5/asn.1/asn1_k_decode.h 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/krb5/asn.1/asn1_k_decode.h 2009-01-23 19:57:08 UTC (rev 21791)
@@ -234,10 +234,10 @@
(asn1buf *buf, krb5_algorithm_identifier ***val);
asn1_error_code asn1_decode_setpw_req
- (asn1buf *buf, krb5_data *rep, krb5_principal *principal);
+ (asn1buf *buf, krb5_data *rep, krb5_principal *principal);
asn1_error_code asn1_decode_pa_for_user
- (asn1buf *buf, krb5_pa_for_user *val);
+ (asn1buf *buf, krb5_pa_for_user *val);
asn1_error_code asn1_decode_pa_pac_req
- (asn1buf *buf, krb5_pa_pac_req *val);
+ (asn1buf *buf, krb5_pa_pac_req *val);
#endif
Modified: branches/mkey_migrate/src/lib/krb5/asn.1/asn1_k_encode.c
===================================================================
--- branches/mkey_migrate/src/lib/krb5/asn.1/asn1_k_encode.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/krb5/asn.1/asn1_k_encode.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -82,7 +82,7 @@
DEFFNLENTYPE(u_generalstring, unsigned char *, asn1_encode_generalstring);
DEFFNLENTYPE(opaque, char *, asn1_encode_opaque);
-DEFFIELDTYPE(gstring_data, krb5_data,
+DEFFIELDTYPE(gstring_data, krb5_data,
FIELDOF_STRING(krb5_data, generalstring, data, length, -1));
DEFPTRTYPE(gstring_data_ptr,gstring_data);
@@ -247,7 +247,7 @@
/* caddr[11] HostAddresses OPTIONAL */
FIELDOF_OPT(krb5_enc_kdc_rep_part, ptr_seqof_host_addresses, caddrs,
11, 11),
- /* encrypted-pa-data[12] SEQUENCE OF PA-DATA OPTIONAL */
+ /* encrypted-pa-data[12] SEQUENCE OF PA-DATA OPTIONAL */
FIELDOF_OPT(krb5_enc_kdc_rep_part, ptr_seqof_pa_data, enc_padata, 12, 12),
};
static unsigned int optional_enc_kdc_rep_part(const void *p)
@@ -1174,7 +1174,7 @@
#endif
/* RFC 4537 */
-DEFFIELDTYPE(etype_list, krb5_etype_list,
+DEFFIELDTYPE(etype_list, krb5_etype_list,
FIELDOF_SEQOF_INT32(krb5_etype_list, int32_ptr, etypes, length, -1));
/* Exported complete encoders -- these produce a krb5_data with
Modified: branches/mkey_migrate/src/lib/krb5/asn.1/asn1buf.c
===================================================================
--- branches/mkey_migrate/src/lib/krb5/asn.1/asn1buf.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/krb5/asn.1/asn1buf.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -55,6 +55,12 @@
#include <stdio.h>
#include "asn1_get.h"
+#ifdef USE_VALGRIND
+#include <valgrind/memcheck.h>
+#else
+#define VALGRIND_CHECK_READABLE(PTR,SIZE) ((void)0)
+#endif
+
#if !defined(__GNUC__) || defined(CONFIG_SMALL)
/* Declare private procedures as static if they're not used for inline
expansion of other stuff elsewhere. */
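Review bot: The no-op fallback `#define VALGRIND_CHECK_READABLE(PTR,SIZE) ((void)0)` added here is defined a second time in the src/lib/rpc/xdr.c hunk of this commit, so the two copies have to be kept in step by hand. A single definition in a header both files already include would avoid that. The fallback also discards its arguments unparsed, so a wrong name at a call site compiles in ordinary builds and fails only when USE_VALGRIND is set. A form such as `#define VALGRIND_CHECK_READABLE(PTR,SIZE) ((void)(PTR), (void)(SIZE))` keeps the arguments type-checked in both configurations.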
@@ -181,6 +187,7 @@
retval = asn1buf_ensure_space(buf,len);
if (retval) return retval;
+ VALGRIND_CHECK_READABLE(sv, len);
for (length=1; length<=len; length++,(buf->next)++)
*(buf->next) = (s[len-length]);
return 0;
Modified: branches/mkey_migrate/src/lib/krb5/asn.1/krb5_decode.c
===================================================================
--- branches/mkey_migrate/src/lib/krb5/asn.1/krb5_decode.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/krb5/asn.1/krb5_decode.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -952,8 +952,8 @@
}
krb5_error_code decode_krb5_setpw_req(const krb5_data *code,
- krb5_data **rep,
- krb5_principal *principal)
+ krb5_data **rep,
+ krb5_principal *principal)
{
setup_buf_only();
alloc_field(*rep, krb5_data);
Modified: branches/mkey_migrate/src/lib/krb5/asn.1/krbasn1.h
===================================================================
--- branches/mkey_migrate/src/lib/krb5/asn.1/krbasn1.h 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/krb5/asn.1/krbasn1.h 2009-01-23 19:57:08 UTC (rev 21791)
@@ -46,13 +46,13 @@
#define KVNO 5
/* Universal Tag Numbers */
-#define ASN1_BOOLEAN 1
+#define ASN1_BOOLEAN 1
#define ASN1_INTEGER 2
#define ASN1_BITSTRING 3
#define ASN1_OCTETSTRING 4
#define ASN1_NULL 5
#define ASN1_OBJECTIDENTIFIER 6
-#define ASN1_ENUMERATED 10
+#define ASN1_ENUMERATED 10
#define ASN1_SEQUENCE 16
#define ASN1_SET 17
#define ASN1_PRINTABLESTRING 19
Modified: branches/mkey_migrate/src/lib/krb5/krb/get_in_tkt.c
===================================================================
--- branches/mkey_migrate/src/lib/krb5/krb/get_in_tkt.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/krb5/krb/get_in_tkt.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -1341,6 +1341,7 @@
&err_reply->client->realm,
&referred_client.realm);
krb5_free_error(context, err_reply);
+ err_reply = NULL;
if (ret)
goto cleanup;
request.client = &referred_client;
Modified: branches/mkey_migrate/src/lib/krb5/krb/pac.c
===================================================================
--- branches/mkey_migrate/src/lib/krb5/krb/pac.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/krb5/krb/pac.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -230,7 +230,7 @@
return ret;
data->data = malloc(d.length);
- if (data == NULL)
+ if (data->data == NULL)
return ENOMEM;
data->length = d.length;
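Review bot: With the test now looking at `data->data`, a zero `d.length` returns ENOMEM on platforms where `malloc(0)` yields NULL, although no allocation actually failed. If an empty buffer is a valid result here (the code that fills `d` is outside the hunk), the allocation should request at least one byte, `data->data = malloc(d.length ? d.length : 1);`. The enclosing function starts and ends outside the hunk.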
@@ -307,25 +307,25 @@
{
krb5_error_code ret;
size_t i;
- PACTYPE header;
const unsigned char *p = (const unsigned char *)ptr;
krb5_pac pac;
size_t header_len;
+ krb5_ui_4 cbuffers, version;
*ppac = NULL;
if (len < PACTYPE_LENGTH)
return ERANGE;
- header.cBuffers = load_32_le(p);
+ cbuffers = load_32_le(p);
p += 4;
- header.Version = load_32_le(p);
+ version = load_32_le(p);
p += 4;
- if (header.Version != 0)
+ if (version != 0)
return EINVAL;
- header_len = PACTYPE_LENGTH + (header.cBuffers * PAC_INFO_BUFFER_LENGTH);
+ header_len = PACTYPE_LENGTH + (cbuffers * PAC_INFO_BUFFER_LENGTH);
if (len < header_len)
return ERANGE;
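Review bot: `cbuffers` is read straight from the input and multiplied by `PAC_INFO_BUFFER_LENGTH` with no upper bound, so if the product is evaluated in 32 bits (a `krb5_ui_4` times an int-sized constant) `header_len` can wrap and the `len < header_len` test then passes for a count the input cannot hold. Bounding the count against the remaining length before multiplying avoids the wrap: `if (cbuffers > (len - PACTYPE_LENGTH) / PAC_INFO_BUFFER_LENGTH) return ERANGE;`. A count of zero should also be rejected or handled explicitly, because the realloc size in the next hunk computes `cbuffers - 1` on an unsigned value. The function continues outside the hunk.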
@@ -334,13 +334,14 @@
return ret;
pac->pac = (PACTYPE *)realloc(pac->pac,
- sizeof(PACTYPE) + ((header.cBuffers - 1) * sizeof(PAC_INFO_BUFFER)));
+ sizeof(PACTYPE) + ((cbuffers - 1) * sizeof(PAC_INFO_BUFFER)));
if (pac->pac == NULL) {
krb5_pac_free(context, pac);
return ENOMEM;
}
- memcpy(pac->pac, &header, sizeof(header));
+ pac->pac->cBuffers = cbuffers;
+ pac->pac->Version = version;
for (i = 0; i < pac->pac->cBuffers; i++) {
PAC_INFO_BUFFER *buffer = &pac->pac->Buffers[i];
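Review bot: The `realloc` result is assigned directly back to `pac->pac`, so when it fails the original block is no longer reachable by the time `krb5_pac_free(context, pac)` runs and is presumably leaked. Holding the result in a temporary keeps the old pointer valid on the error path: `tmp = realloc(pac->pac, ...); if (tmp == NULL) { krb5_pac_free(context, pac); return ENOMEM; }` followed by `pac->pac = tmp;`. The loop that fills `Buffers[i]` continues outside the hunk.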
Modified: branches/mkey_migrate/src/lib/krb5/krb/parse.c
===================================================================
--- branches/mkey_migrate/src/lib/krb5/krb/parse.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/krb5/krb/parse.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -82,6 +82,8 @@
unsigned int enterprise = (flags & KRB5_PRINCIPAL_PARSE_ENTERPRISE);
int first_at;
+ *nprincipal = NULL;
+
/*
* Pass 1. Find out how many components there are to the name,
* and get string sizes for the first FCOMPNUM components. For
Modified: branches/mkey_migrate/src/lib/krb5/os/read_msg.c
===================================================================
--- branches/mkey_migrate/src/lib/krb5/os/read_msg.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/krb5/os/read_msg.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -37,7 +37,10 @@
int len2, ilen;
char *buf = NULL;
int fd = *( (int *) fdp);
-
+
+ inbuf->data = NULL;
+ inbuf->length = 0;
+
if ((len2 = krb5_net_read(context, fd, (char *)&len, 4)) != 4)
return((len2 < 0) ? errno : ECONNABORTED);
len = ntohl(len);
Modified: branches/mkey_migrate/src/lib/krb5/rcache/rc_dfl.c
===================================================================
--- branches/mkey_migrate/src/lib/krb5/rcache/rc_dfl.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/krb5/rcache/rc_dfl.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -396,7 +396,7 @@
* Hash extension records have the format:
* client = <empty string>
* server = HASH:<msghash> <clientlen>:<client> <serverlen>:<server>
- * Spaces in the client and server string are represented with
+ * Spaces in the client and server string are represented with
* with backslashes. Client and server lengths are represented in
* ASCII decimal (which is different from the 32-bit binary we use
* elsewhere in the replay cache).
@@ -658,8 +658,8 @@
size_t clientlen, serverlen;
unsigned int len;
krb5_error_code ret;
- struct k5buf buf;
- char *ptr;
+ struct k5buf buf, extbuf;
+ char *ptr, *extstr;
clientlen = strlen(rep->client);
serverlen = strlen(rep->server);
@@ -670,8 +670,6 @@
* in regular format (without the message hash) for the
* benefit of old implementations.
*/
- struct k5buf extbuf;
- char *extstr;
/* Format the extension value so we know its length. */
krb5int_buf_init_dynamic(&extbuf);
Modified: branches/mkey_migrate/src/lib/krb5/rcache/rc_io.c
===================================================================
--- branches/mkey_migrate/src/lib/krb5/rcache/rc_io.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/krb5/rcache/rc_io.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -223,7 +223,7 @@
krb5_error_code retval = 0;
int do_not_unlink = 1;
#ifndef NO_USERID
- struct stat statb;
+ struct stat sb1, sb2;
#endif
char *dir;
size_t dirlen;
@@ -239,24 +239,50 @@
#ifdef NO_USERID
d->fd = THREEPARAMOPEN(d->fn, O_RDWR | O_BINARY, 0600);
+ if (d->fd == -1) {
+ retval = rc_map_errno(context, errno, d->fn, "open");
+ goto cleanup;
+ }
#else
- if ((d->fd = stat(d->fn, &statb)) != -1) {
- uid_t me;
-
- me = geteuid();
- /* must be owned by this user, to prevent some security problems with
- * other users modifying replay cache stufff */
- if ((statb.st_uid != me) || ((statb.st_mode & S_IFMT) != S_IFREG)) {
- FREE(d->fn);
- return KRB5_RC_IO_PERM;
- }
- d->fd = THREEPARAMOPEN(d->fn, O_RDWR | O_BINARY, 0600);
+ d->fd = -1;
+ retval = lstat(d->fn, &sb1);
+ if (retval != 0) {
+ retval = rc_map_errno(context, errno, d->fn, "lstat");
+ goto cleanup;
}
-#endif
- if (d->fd == -1) {
+ d->fd = THREEPARAMOPEN(d->fn, O_RDWR | O_BINARY, 0600);
+ if (d->fd < 0) {
retval = rc_map_errno(context, errno, d->fn, "open");
goto cleanup;
}
+ retval = fstat(d->fd, &sb2);
+ if (retval < 0) {
+ retval = rc_map_errno(context, errno, d->fn, "fstat");
+ goto cleanup;
+ }
+ /* check if someone was playing with symlinks */
+ if ((sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino)
+ || (sb1.st_mode & S_IFMT) != S_IFREG)
+ {
+ retval = KRB5_RC_IO_PERM;
+ krb5_set_error_message(context, retval,
+ "rcache not a file %s", d->fn);
+ goto cleanup;
+ }
+ /* check that non other can read/write/execute the file */
+ if (sb1.st_mode & 077) {
+ krb5_set_error_message(context, retval, "Insecure file mode "
+ "for replay cache file %s", d->fn);
+ return KRB5_RC_IO_UNKNOWN;
+ }
+ /* owned by me */
+ if (sb1.st_uid != geteuid()) {
+ retval = KRB5_RC_IO_PERM;
+ krb5_set_error_message(context, retval, "rcache not owned by %d",
+ (int)geteuid());
+ goto cleanup;
+ }
+#endif
set_cloexec_fd(d->fd);
do_not_unlink = 0;
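Review bot: The "Insecure file mode" branch passes `retval` to `krb5_set_error_message` while it still holds the 0 from the successful `fstat`, and then returns `KRB5_RC_IO_UNKNOWN` directly instead of going to `cleanup` like every other failure path in this block, so the descriptor just stored in `d->fd` stays open on that path. Setting `retval = KRB5_RC_IO_UNKNOWN;` before the message call and ending the branch with `goto cleanup;` makes it consistent with its neighbours. The mode and owner tests would also be more robust on `sb2`, the `fstat` of the descriptor that was actually opened, than on the earlier `lstat` snapshot in `sb1`. The `cleanup` label and the rest of the function are outside the hunk.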
Modified: branches/mkey_migrate/src/lib/krb5/rcache/rcdef.c
===================================================================
--- branches/mkey_migrate/src/lib/krb5/rcache/rcdef.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/krb5/rcache/rcdef.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -9,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -23,8 +23,8 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
*
+ *
* replay cache default operations vector.
*/
Modified: branches/mkey_migrate/src/lib/krb5/rcache/t_replay.c
===================================================================
--- branches/mkey_migrate/src/lib/krb5/rcache/t_replay.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/krb5/rcache/t_replay.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -9,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -23,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* t_replay.c: Command-line interfaces to aid testing of replay cache
*
*/
@@ -68,6 +68,9 @@
FILE *fp;
krb5_deltat lifespan;
krb5_int16 vno;
+ char *str;
+ krb5_int32 usec;
+ krb5_timestamp timestamp;
fp = fopen(filename, "r");
if (!fp) {
@@ -80,10 +83,6 @@
return;
printf("Lifespan: %ld\n", (long) lifespan);
while (1) {
- char *str;
- krb5_int32 usec;
- krb5_timestamp timestamp;
-
printf("---\n");
if (!(str = read_counted_string(fp)))
@@ -114,6 +113,7 @@
krb5_error_code retval = 0;
char *hash = NULL;
krb5_donot_replay rep;
+ krb5_data d;
if (now_timestamp > 0)
krb5_set_debugging_time(ctx, now_timestamp, now_usec);
@@ -122,8 +122,6 @@
if ((retval = krb5_rc_recover_or_initialize(ctx, rc, ctx->clockskew)))
goto cleanup;
if (msg) {
- krb5_data d;
-
d.data = msg;
d.length = strlen(msg);
if ((retval = krb5_rc_hash_message(ctx, &d, &hash)))
Modified: branches/mkey_migrate/src/lib/rpc/xdr.c
===================================================================
--- branches/mkey_migrate/src/lib/rpc/xdr.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/lib/rpc/xdr.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -56,6 +56,9 @@
#ifdef USE_VALGRIND
#include <valgrind/memcheck.h>
+#else
+#define VALGRIND_CHECK_DEFINED(LVALUE) ((void)0)
+#define VALGRIND_CHECK_READABLE(PTR,SIZE) ((void)0)
#endif
/*
@@ -97,9 +100,7 @@
switch (xdrs->x_op) {
case XDR_ENCODE:
-#ifdef USE_VALGRIND
VALGRIND_CHECK_DEFINED(*ip);
-#endif
if (*ip > 0x7fffffffL || *ip < -0x7fffffffL - 1L)
return (FALSE);
@@ -133,9 +134,7 @@
switch (xdrs->x_op) {
case XDR_ENCODE:
-#ifdef USE_VALGRIND
VALGRIND_CHECK_DEFINED(*up);
-#endif
if (*up > 0xffffffffUL)
return (FALSE);
@@ -168,9 +167,7 @@
switch (xdrs->x_op) {
case XDR_ENCODE:
-#ifdef USE_VALGRIND
VALGRIND_CHECK_DEFINED(*lp);
-#endif
if (*lp > 0x7fffffffL || *lp < -0x7fffffffL - 1L)
return (FALSE);
@@ -194,9 +191,7 @@
switch (xdrs->x_op) {
case XDR_ENCODE:
-#ifdef USE_VALGRIND
VALGRIND_CHECK_DEFINED(*ulp);
-#endif
if (*ulp > 0xffffffffUL)
return (FALSE);
@@ -222,9 +217,7 @@
switch (xdrs->x_op) {
case XDR_ENCODE:
-#ifdef USE_VALGRIND
VALGRIND_CHECK_DEFINED(*sp);
-#endif
l = (long) *sp;
return (XDR_PUTLONG(xdrs, &l));
@@ -255,9 +248,7 @@
switch (xdrs->x_op) {
case XDR_ENCODE:
-#ifdef USE_VALGRIND
VALGRIND_CHECK_DEFINED(*usp);
-#endif
l = (u_long) *usp;
return (XDR_PUTLONG(xdrs, (long *) &l));
@@ -283,7 +274,6 @@
{
int i;
-#ifdef USE_VALGRIND
switch (xdrs->x_op) {
case XDR_ENCODE:
VALGRIND_CHECK_DEFINED(*cp);
@@ -291,7 +281,6 @@
default:
break;
}
-#endif
i = (*cp);
if (!xdr_int(xdrs, &i)) {
return (FALSE);
@@ -308,7 +297,6 @@
{
u_int u;
-#ifdef USE_VALGRIND
switch (xdrs->x_op) {
case XDR_ENCODE:
VALGRIND_CHECK_DEFINED(*cp);
@@ -316,7 +304,6 @@
default:
break;
}
-#endif
u = (*cp);
if (!xdr_u_int(xdrs, &u)) {
return (FALSE);
@@ -336,9 +323,7 @@
switch (xdrs->x_op) {
case XDR_ENCODE:
-#ifdef USE_VALGRIND
VALGRIND_CHECK_DEFINED(*bp);
-#endif
lb = *bp ? XDR_TRUE : XDR_FALSE;
return (XDR_PUTLONG(xdrs, &lb));
@@ -367,7 +352,6 @@
/*
* enums are treated as ints
*/
-#ifdef USE_VALGRIND
switch (xdrs->x_op) {
case XDR_ENCODE:
VALGRIND_CHECK_DEFINED(*ep);
@@ -375,7 +359,6 @@
default:
break;
}
-#endif
if (sizeof (enum sizecheck) == sizeof (long)) {
return (xdr_long(xdrs, (long *)ep));
} else if (sizeof (enum sizecheck) == sizeof (int)) {
@@ -425,9 +408,7 @@
}
if (xdrs->x_op == XDR_ENCODE) {
-#ifdef USE_VALGRIND
VALGRIND_CHECK_READABLE((volatile void *)cp, cnt);
-#endif
if (!XDR_PUTBYTES(xdrs, cp, cnt)) {
return (FALSE);
}
@@ -518,9 +499,7 @@
switch (xdrs->x_op) {
case XDR_ENCODE:
-#ifdef USE_VALGRIND
VALGRIND_CHECK_DEFINED(*ip);
-#endif
l = *ip;
return (xdr_long(xdrs, &l));
@@ -545,9 +524,7 @@
switch (xdrs->x_op) {
case XDR_ENCODE:
-#ifdef USE_VALGRIND
VALGRIND_CHECK_DEFINED(*up);
-#endif
ul = *up;
return (xdr_u_long(xdrs, &ul));
Modified: branches/mkey_migrate/src/plugins/kdb/db2/libdb2/hash/hash.c
===================================================================
--- branches/mkey_migrate/src/plugins/kdb/db2/libdb2/hash/hash.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/plugins/kdb/db2/libdb2/hash/hash.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -328,6 +328,8 @@
if (stat(file, &statbuf))
return (NULL);
hashp->hdr.bsize = statbuf.st_blksize;
+ if (hashp->hdr.bsize > MAX_BSIZE)
+ hashp->hdr.bsize = MAX_BSIZE;
hashp->hdr.bshift = __log2(hashp->hdr.bsize);
}
if (info) {
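Review bot: The new clamp on `hashp->hdr.bsize` carries no comment explaining why a block size reported by `stat` has to be limited; the reason is given only in the commit log (filesystems whose record size is above 64K, tested on ZFS with recordsize=128K). A one-line comment above the test would keep that with the code: `/* st_blksize may exceed MAX_BSIZE (e.g. ZFS recordsize=128K); clamp it */`. The enclosing function starts and ends outside the hunk.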
Modified: branches/mkey_migrate/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
===================================================================
--- branches/mkey_migrate/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -2259,6 +2259,9 @@
unsigned char *p = NULL;
ASN1_INTEGER *pub_key = NULL;
+ *dh_pubkey = *server_key = NULL;
+ *dh_pubkey_len = *server_key_len = 0;
+
/* get client's received DH parameters that we saved in server_check_dh */
dh = cryptoctx->dh;
Modified: branches/mkey_migrate/src/util/support/k5buf-int.h
===================================================================
--- branches/mkey_migrate/src/util/support/k5buf-int.h 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/util/support/k5buf-int.h 2009-01-23 19:57:08 UTC (rev 21791)
@@ -10,7 +10,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,13 +18,13 @@
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
+ * permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* Internal declarations for the k5buf string buffer module.
*/
Modified: branches/mkey_migrate/src/util/support/k5buf.c
===================================================================
--- branches/mkey_migrate/src/util/support/k5buf.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/util/support/k5buf.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -10,7 +10,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,13 +18,13 @@
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
+ * permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* Implement the k5buf string buffer module.
*/
@@ -43,7 +43,7 @@
len < space
data[len] = '\0'
*/
-
+
/* Make sure there is room for LEN more characters in BUF, in addition
to the null terminator and what's already in there. Return true on
success. On failure, set the error flag and return false. */
Modified: branches/mkey_migrate/src/util/support/t_k5buf.c
===================================================================
--- branches/mkey_migrate/src/util/support/t_k5buf.c 2009-01-23 19:04:57 UTC (rev 21790)
+++ branches/mkey_migrate/src/util/support/t_k5buf.c 2009-01-23 19:57:08 UTC (rev 21791)
@@ -10,7 +10,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,13 +18,13 @@
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
+ * permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* Test the k5buf string buffer module.
*/
@@ -35,8 +35,8 @@
static void fail_if(int condition, const char *name)
{
if (condition) {
- fprintf(stderr, "%s failed\n", name);
- exit(1);
+ fprintf(stderr, "%s failed\n", name);
+ exit(1);
}
}
@@ -44,9 +44,9 @@
static void check_buf(struct k5buf *buf, const char *name)
{
fail_if(buf->buftype != FIXED && buf->buftype != DYNAMIC
- && buf->buftype != ERROR, name);
+ && buf->buftype != ERROR, name);
if (buf->buftype == ERROR)
- return;
+ return;
fail_if(buf->space == 0, name);
fail_if(buf->space > SPACE_MAX, name);
fail_if(buf->len >= buf->space, name);
@@ -85,7 +85,7 @@
size_t i;
for (i = 0; i < sizeof(data); i++)
- data[i] = 'a';
+ data[i] = 'a';
/* Cause the buffer size to double from 128 to 256 bytes. */
krb5int_buf_init_dynamic(&buf);
@@ -236,7 +236,7 @@
size_t i;
for (i = 0; i < sizeof(data) - 1; i++)
- data[i] = 'a';
+ data[i] = 'a';
data[i] = '\0';
/* Format some text into a non-empty fixed buffer. */