Diffstat (limited to 'src/lib/krb5/krb/mk_cred.c')
-rw-r--r-- | src/lib/krb5/krb/mk_cred.c | 182 |
1 files changed, 91 insertions, 91 deletions
diff --git a/src/lib/krb5/krb/mk_cred.c b/src/lib/krb5/krb/mk_cred.c index 6ce0e354e5..4c95accd03 100644 --- a/src/lib/krb5/krb/mk_cred.c +++ b/src/lib/krb5/krb/mk_cred.c @@ -1,7 +1,8 @@ -/* +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* * NAME * cred.c - * + * * DESCRIPTION * Provide an interface to assemble and disassemble krb5_cred * structures. @@ -20,41 +21,41 @@ /* * encrypt the enc_part of krb5_cred */ -static krb5_error_code +static krb5_error_code encrypt_credencpart(krb5_context context, krb5_cred_enc_part *pcredpart, - krb5_key pkey, krb5_enc_data *pencdata) + krb5_key pkey, krb5_enc_data *pencdata) { - krb5_error_code retval; - krb5_data * scratch; + krb5_error_code retval; + krb5_data * scratch; /* start by encoding to-be-encrypted part of the message */ if ((retval = encode_krb5_enc_cred_part(pcredpart, &scratch))) - return retval; + return retval; /* * If the keyblock is NULL, just copy the data from the encoded * data to the ciphertext area. */ if (pkey == NULL) { - pencdata->ciphertext.data = scratch->data; - pencdata->ciphertext.length = scratch->length; - free(scratch); - return 0; + pencdata->ciphertext.data = scratch->data; + pencdata->ciphertext.length = scratch->length; + free(scratch); + return 0; } /* call the encryption routine */ retval = krb5_encrypt_keyhelper(context, pkey, - KRB5_KEYUSAGE_KRB_CRED_ENCPART, - scratch, pencdata); + KRB5_KEYUSAGE_KRB_CRED_ENCPART, + scratch, pencdata); if (retval) { - memset(pencdata->ciphertext.data, 0, pencdata->ciphertext.length); + memset(pencdata->ciphertext.data, 0, pencdata->ciphertext.length); free(pencdata->ciphertext.data); pencdata->ciphertext.length = 0; pencdata->ciphertext.data = 0; } - memset(scratch->data, 0, scratch->length); + memset(scratch->data, 0, scratch->length); krb5_free_data(context, scratch); return retval; 
@@ -64,15 +65,15 @@ encrypt_credencpart(krb5_context context, krb5_cred_enc_part *pcredpart, static krb5_error_code krb5_mk_ncred_basic(krb5_context context, - krb5_creds **ppcreds, krb5_int32 nppcreds, - krb5_key key, krb5_replay_data *replaydata, - krb5_address *local_addr, krb5_address *remote_addr, - krb5_cred *pcred) + krb5_creds **ppcreds, krb5_int32 nppcreds, + krb5_key key, krb5_replay_data *replaydata, + krb5_address *local_addr, krb5_address *remote_addr, + krb5_cred *pcred) { - krb5_cred_enc_part credenc; - krb5_error_code retval; - size_t size; - int i; + krb5_cred_enc_part credenc; + krb5_error_code retval; + size_t size; + int i; credenc.magic = KV5M_CRED_ENC_PART; 
@@ -89,42 +90,42 @@ krb5_mk_ncred_basic(krb5_context context, size = sizeof(krb5_cred_info *) * (nppcreds + 1); credenc.ticket_info = (krb5_cred_info **) calloc(1, size); if (credenc.ticket_info == NULL) - return ENOMEM; + return ENOMEM; /* * For each credential in the list, initialize a cred info * structure and copy the ticket into the ticket list. */ for (i = 0; i < nppcreds; i++) { - credenc.ticket_info[i] = malloc(sizeof(krb5_cred_info)); - if (credenc.ticket_info[i] == NULL) { - retval = ENOMEM; - goto cleanup; - } - credenc.ticket_info[i+1] = NULL; - + credenc.ticket_info[i] = malloc(sizeof(krb5_cred_info)); + if (credenc.ticket_info[i] == NULL) { + retval = ENOMEM; + goto cleanup; + } + credenc.ticket_info[i+1] = NULL; + credenc.ticket_info[i]->magic = KV5M_CRED_INFO; credenc.ticket_info[i]->times = ppcreds[i]->times; credenc.ticket_info[i]->flags = ppcreds[i]->ticket_flags; - if ((retval = decode_krb5_ticket(&ppcreds[i]->ticket, - &pcred->tickets[i]))) - goto cleanup; + if ((retval = decode_krb5_ticket(&ppcreds[i]->ticket, + &pcred->tickets[i]))) + goto cleanup; - if ((retval = krb5_copy_keyblock(context, &ppcreds[i]->keyblock, - &credenc.ticket_info[i]->session))) + if ((retval = krb5_copy_keyblock(context, &ppcreds[i]->keyblock, + &credenc.ticket_info[i]->session))) goto cleanup; if ((retval = krb5_copy_principal(context, ppcreds[i]->client, - &credenc.ticket_info[i]->client))) + &credenc.ticket_info[i]->client))) goto cleanup; - if ((retval = krb5_copy_principal(context, ppcreds[i]->server, - &credenc.ticket_info[i]->server))) + if ((retval = krb5_copy_principal(context, ppcreds[i]->server, + &credenc.ticket_info[i]->server))) goto cleanup; - if ((retval = krb5_copy_addresses(context, ppcreds[i]->addresses, - &credenc.ticket_info[i]->caddrs))) + if ((retval = krb5_copy_addresses(context, ppcreds[i]->addresses, + &credenc.ticket_info[i]->caddrs))) goto cleanup; } 
@@ -149,18 +150,18 @@ cleanup: */ krb5_error_code KRB5_CALLCONV krb5_mk_ncred(krb5_context context, krb5_auth_context auth_context, - krb5_creds **ppcreds, krb5_data **ppdata, - krb5_replay_data *outdata) + krb5_creds **ppcreds, krb5_data **ppdata, + krb5_replay_data *outdata) { krb5_address * premote_fulladdr = NULL; krb5_address * plocal_fulladdr = NULL; krb5_address remote_fulladdr; krb5_address local_fulladdr; - krb5_error_code retval; - krb5_key key; + krb5_error_code retval; + krb5_key key; krb5_replay_data replaydata; - krb5_cred * pcred; - krb5_int32 ncred; + krb5_cred * pcred; + krb5_int32 ncred; krb5_boolean increased_sequence = FALSE; local_fulladdr.contents = 0; 
@@ -168,94 +169,94 @@ krb5_mk_ncred(krb5_context context, krb5_auth_context auth_context, memset(&replaydata, 0, sizeof(krb5_replay_data)); if (ppcreds == NULL) - return KRB5KRB_AP_ERR_BADADDR; + return KRB5KRB_AP_ERR_BADADDR; /* * Allocate memory for a NULL terminated list of tickets. */ for (ncred = 0; ppcreds[ncred]; ncred++) - ; + ; - if ((pcred = (krb5_cred *)calloc(1, sizeof(krb5_cred))) == NULL) + if ((pcred = (krb5_cred *)calloc(1, sizeof(krb5_cred))) == NULL) return ENOMEM; - if ((pcred->tickets - = (krb5_ticket **)calloc((size_t)ncred+1, - sizeof(krb5_ticket *))) == NULL) { - retval = ENOMEM; - goto error; + if ((pcred->tickets + = (krb5_ticket **)calloc((size_t)ncred+1, + sizeof(krb5_ticket *))) == NULL) { + retval = ENOMEM; + goto error; } /* Get keyblock */ if ((key = auth_context->send_subkey) == NULL) - key = auth_context->key; + key = auth_context->key; /* Get replay info */ if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) && - (auth_context->rcache == NULL)) { - retval = KRB5_RC_REQUIRED; - goto error; + (auth_context->rcache == NULL)) { + retval = KRB5_RC_REQUIRED; + goto error; } if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) || - (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) - && (outdata == NULL)) { + (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) + && (outdata == NULL)) { /* Need a better error */ - retval = KRB5_RC_REQUIRED; - goto error; + retval = KRB5_RC_REQUIRED; + goto error; } if ((retval = krb5_us_timeofday(context, &replaydata.timestamp, - &replaydata.usec))) - goto error; + &replaydata.usec))) + goto error; if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) { - outdata->timestamp = replaydata.timestamp; - outdata->usec = replaydata.usec; + outdata->timestamp = replaydata.timestamp; + outdata->usec = replaydata.usec; } if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) || (auth_context->auth_context_flags & 
KRB5_AUTH_CONTEXT_RET_SEQUENCE)) { replaydata.seq = auth_context->local_seq_number++; - increased_sequence = TRUE; + increased_sequence = TRUE; if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE) outdata->seq = replaydata.seq; } if (auth_context->local_addr) { - if (auth_context->local_port) { + if (auth_context->local_port) { if ((retval = krb5_make_fulladdr(context, auth_context->local_addr, - auth_context->local_port, - &local_fulladdr))) - goto error; - plocal_fulladdr = &local_fulladdr; - } else { + auth_context->local_port, + &local_fulladdr))) + goto error; + plocal_fulladdr = &local_fulladdr; + } else { plocal_fulladdr = auth_context->local_addr; } } if (auth_context->remote_addr) { - if (auth_context->remote_port) { + if (auth_context->remote_port) { if ((retval = krb5_make_fulladdr(context,auth_context->remote_addr, - auth_context->remote_port, - &remote_fulladdr))) - goto error; - premote_fulladdr = &remote_fulladdr; - } else { + auth_context->remote_port, + &remote_fulladdr))) + goto error; + premote_fulladdr = &remote_fulladdr; + } else { premote_fulladdr = auth_context->remote_addr; } } /* Setup creds structure */ if ((retval = krb5_mk_ncred_basic(context, ppcreds, ncred, key, - &replaydata, plocal_fulladdr, - premote_fulladdr, pcred))) { - goto error; + &replaydata, plocal_fulladdr, + premote_fulladdr, pcred))) { + goto error; } if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) { krb5_donot_replay replay; if ((retval = krb5_gen_replay_name(context, auth_context->local_addr, - "_forw", &replay.client))) + "_forw", &replay.client))) goto error; replay.server = ""; /* XXX */ @@ -279,7 +280,7 @@ error: krb5_free_cred(context, pcred); if (retval) { - if (increased_sequence) + if (increased_sequence) auth_context->local_seq_number--; } return retval; 
@@ -292,23 +293,22 @@ error: */ krb5_error_code KRB5_CALLCONV krb5_mk_1cred(krb5_context context, krb5_auth_context auth_context, - krb5_creds *pcreds, krb5_data **ppdata, - krb5_replay_data *outdata) + krb5_creds *pcreds, krb5_data **ppdata, + krb5_replay_data *outdata) { krb5_error_code retval; krb5_creds **ppcreds; if ((ppcreds = (krb5_creds **)malloc(sizeof(*ppcreds) * 2)) == NULL) { - return ENOMEM; + return ENOMEM; } ppcreds[0] = pcreds; ppcreds[1] = NULL; retval = krb5_mk_ncred(context, auth_context, ppcreds, - ppdata, outdata); - + ppdata, outdata); + free(ppcreds); return retval; } - |