summaryrefslogtreecommitdiffstats
path: root/source4/heimdal/kdc/kx509.c
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2008-10-27 11:35:07 +0100
committerStefan Metzmacher <metze@samba.org>2008-10-28 08:53:09 +0100
commit2b29b7186459d945ec448694164bfe4239b30d72 (patch)
tree561495b1870facf03f7892559a184f4f49df1fe2 /source4/heimdal/kdc/kx509.c
parent698b7fd43658d9e96d28f26c9e1dae5e770bb57f (diff)
downloadsamba-2b29b7186459d945ec448694164bfe4239b30d72.tar.gz
samba-2b29b7186459d945ec448694164bfe4239b30d72.tar.xz
samba-2b29b7186459d945ec448694164bfe4239b30d72.zip
s4: import lorikeet-heimdal-200810271034
metze
Diffstat (limited to 'source4/heimdal/kdc/kx509.c')
-rw-r--r--source4/heimdal/kdc/kx509.c92
1 files changed, 46 insertions, 46 deletions
diff --git a/source4/heimdal/kdc/kx509.c b/source4/heimdal/kdc/kx509.c
index 33991d1907..83e05b81c5 100644
--- a/source4/heimdal/kdc/kx509.c
+++ b/source4/heimdal/kdc/kx509.c
@@ -1,34 +1,34 @@
/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
+ * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
*
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include "kdc_locl.h"
@@ -59,13 +59,13 @@ _kdc_try_kx509_request(void *ptr, size_t len, Kx509Request *req, size_t *size)
static const unsigned char version_2_0[4] = {0 , 0, 2, 0};
static krb5_error_code
-verify_req_hash(krb5_context context,
+verify_req_hash(krb5_context context,
const Kx509Request *req,
krb5_keyblock *key)
{
unsigned char digest[SHA_DIGEST_LENGTH];
HMAC_CTX ctx;
-
+
if (req->pk_hash.length != sizeof(digest)) {
krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
"pk-hash have wrong length: %lu",
@@ -74,8 +74,8 @@ verify_req_hash(krb5_context context,
}
HMAC_CTX_init(&ctx);
- HMAC_Init_ex(&ctx,
- key->keyvalue.data, key->keyvalue.length,
+ HMAC_Init_ex(&ctx,
+ key->keyvalue.data, key->keyvalue.length,
EVP_sha1(), NULL);
if (sizeof(digest) != HMAC_size(&ctx))
krb5_abortx(context, "runtime error, hmac buffer wrong size in kx509");
@@ -98,11 +98,11 @@ calculate_reply_hash(krb5_context context,
Kx509Response *rep)
{
HMAC_CTX ctx;
-
+
HMAC_CTX_init(&ctx);
- HMAC_Init_ex(&ctx,
- key->keyvalue.data, key->keyvalue.length,
+ HMAC_Init_ex(&ctx,
+ key->keyvalue.data, key->keyvalue.length,
EVP_sha1(), NULL);
rep->hash->length = HMAC_size(&ctx);
rep->hash->data = malloc(rep->hash->length);
@@ -133,11 +133,11 @@ calculate_reply_hash(krb5_context context,
}
/*
- * Build a certifate for `principal´ that will expire at `endtime´.
+ * Build a certifate for `principal´ that will expire at `endtime´.
*/
static krb5_error_code
-build_certificate(krb5_context context,
+build_certificate(krb5_context context,
krb5_kdc_configuration *config,
const krb5_data *key,
time_t endtime,
@@ -159,8 +159,8 @@ build_certificate(krb5_context context,
ret = hx509_context_init(&hxctx);
if (ret)
goto out;
-
- ret = hx509_env_add(hxctx, &env, "principal-name",
+
+ ret = hx509_env_add(hxctx, &env, "principal-name",
krb5_principal_get_comp_string(context, principal, 0));
if (ret)
goto out;
@@ -208,7 +208,7 @@ build_certificate(krb5_context context,
spki.subjectPublicKey.data = key->data;
spki.subjectPublicKey.length = key->length * 8;
- ret = der_copy_oid(oid_id_pkcs1_rsaEncryption(),
+ ret = der_copy_oid(oid_id_pkcs1_rsaEncryption(),
&spki.algorithm.algorithm);
any.data = "\x05\x00";
@@ -239,7 +239,7 @@ build_certificate(krb5_context context,
config->kx509_template);
goto out;
}
- ret = hx509_ca_tbs_set_template(hxctx, tbs,
+ ret = hx509_ca_tbs_set_template(hxctx, tbs,
HX509_CA_TEMPLATE_SUBJECT|
HX509_CA_TEMPLATE_KU|
HX509_CA_TEMPLATE_EKU,
@@ -265,7 +265,7 @@ build_certificate(krb5_context context,
hx509_cert_free(cert);
if (ret)
goto out;
-
+
hx509_context_free(&hxctx);
return 0;
@@ -287,7 +287,7 @@ out:
*/
krb5_error_code
-_kdc_do_kx509(krb5_context context,
+_kdc_do_kx509(krb5_context context,
krb5_kdc_configuration *config,
const Kx509Request *req, krb5_data *reply,
const char *from, struct sockaddr *addr)
@@ -307,7 +307,7 @@ _kdc_do_kx509(krb5_context context,
memset(&rep, 0, sizeof(rep));
if(!config->enable_kx509) {
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"Rejected kx509 request (disabled) from %s", from);
return KRB5KDC_ERR_POLICY;
}
@@ -320,7 +320,7 @@ _kdc_do_kx509(krb5_context context,
goto out;
}
- ret = krb5_rd_req(context,
+ ret = krb5_rd_req(context,
&ac,
&req->authenticator,
NULL,
@@ -337,7 +337,7 @@ _kdc_do_kx509(krb5_context context,
ret = krb5_unparse_name(context, cprincipal, &cname);
if (ret)
goto out;
-
+
/* verify server principal */
ret = krb5_sname_to_principal(context, NULL, "kca_service",
@@ -362,7 +362,7 @@ _kdc_do_kx509(krb5_context context,
goto out;
}
}
-
+
ret = krb5_auth_con_getkey(context, ac, &key);
if (ret == 0 && key == NULL)
ret = KRB5KDC_ERR_NULL_KEY;
@@ -370,7 +370,7 @@ _kdc_do_kx509(krb5_context context,
krb5_set_error_message(context, ret, "Kx509 can't get session key");
goto out;
}
-
+
ret = verify_req_hash(context, req, key);
if (ret)
goto out;
@@ -398,7 +398,7 @@ _kdc_do_kx509(krb5_context context,
goto out;
krb5_data_zero(rep.hash);
- ret = build_certificate(context, config, &req->pk_key,
+ ret = build_certificate(context, config, &req->pk_key,
krb5_ticket_get_endtime(context, ticket),
cprincipal, rep.certificate);
if (ret)