diff options
| author | Tom Yu <tlyu@mit.edu> | 2009-10-31 00:48:38 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2009-10-31 00:48:38 +0000 |
| commit | 02d6bcbc98a214e7aeaaa9f45f0db8784a7b743b (patch) | |
| tree | 61b9147863cd8be3eff63903dc36cae168254bd5 /src/lib/krb5/keytab | |
| parent | 162ab371748cba0cc6f172419bd6e71fa04bb878 (diff) | |
| download | krb5-02d6bcbc98a214e7aeaaa9f45f0db8784a7b743b.tar.gz krb5-02d6bcbc98a214e7aeaaa9f45f0db8784a7b743b.tar.xz krb5-02d6bcbc98a214e7aeaaa9f45f0db8784a7b743b.zip | |
make mark-cstyle
make reindent
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/keytab')
| -rw-r--r-- | src/lib/krb5/keytab/kt-int.h | 5 | ||||
| -rw-r--r-- | src/lib/krb5/keytab/kt_file.c | 1412 | ||||
| -rw-r--r-- | src/lib/krb5/keytab/kt_memory.c | 488 | ||||
| -rw-r--r-- | src/lib/krb5/keytab/kt_srvtab.c | 250 | ||||
| -rw-r--r-- | src/lib/krb5/keytab/ktadd.c | 10 | ||||
| -rw-r--r-- | src/lib/krb5/keytab/ktbase.c | 110 | ||||
| -rw-r--r-- | src/lib/krb5/keytab/ktdefault.c | 8 | ||||
| -rw-r--r-- | src/lib/krb5/keytab/ktfns.c | 38 | ||||
| -rw-r--r-- | src/lib/krb5/keytab/ktfr_entry.c | 16 | ||||
| -rw-r--r-- | src/lib/krb5/keytab/ktremove.c | 12 | ||||
| -rw-r--r-- | src/lib/krb5/keytab/read_servi.c | 44 | ||||
| -rw-r--r-- | src/lib/krb5/keytab/t_keytab.c | 725 |
12 files changed, 1560 insertions, 1558 deletions
diff --git a/src/lib/krb5/keytab/kt-int.h b/src/lib/krb5/keytab/kt-int.h index e62b2d3f1..383d346f7 100644 --- a/src/lib/krb5/keytab/kt-int.h +++ b/src/lib/krb5/keytab/kt-int.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * lib/krb5/keytab/kt-int.h * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,7 +23,7 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * * This file contains constant and function declarations used in the * file-based credential cache routines. diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c index 4c90b8b47..c27829ca0 100644 --- a/src/lib/krb5/keytab/kt_file.c +++ b/src/lib/krb5/keytab/kt_file.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * lib/krb5/keytab/kt_file.c * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,7 +23,7 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * */ #ifndef LEAN_CLIENT @@ -40,22 +41,22 @@ * Constants */ -#define KRB5_KT_VNO_1 0x0501 /* krb v5, keytab version 1 (DCE compat) */ -#define KRB5_KT_VNO 0x0502 /* krb v5, keytab version 2 (standard) */ +#define KRB5_KT_VNO_1 0x0501 /* krb v5, keytab version 1 (DCE compat) */ +#define KRB5_KT_VNO 0x0502 /* krb v5, keytab version 2 (standard) */ #define KRB5_KT_DEFAULT_VNO KRB5_KT_VNO -/* +/* * Types */ typedef struct _krb5_ktfile_data { - char *name; /* Name of the file */ - FILE *openf; /* open file, if any. */ - char iobuf[BUFSIZ]; /* so we can zap it later */ - int version; /* Version number of keytab */ - unsigned int iter_count; /* Number of active iterators */ - long start_offset; /* Starting offset after version */ - k5_mutex_t lock; /* Protect openf, version */ + char *name; /* Name of the file */ + FILE *openf; /* open file, if any. */ + char iobuf[BUFSIZ]; /* so we can zap it later */ + int version; /* Version number of keytab */ + unsigned int iter_count; /* Number of active iterators */ + long start_offset; /* Starting offset after version */ + k5_mutex_t lock; /* Protect openf, version */ } krb5_ktfile_data; /* @@ -93,114 +94,114 @@ typedef struct _krb5_ktfile_data { extern const struct _krb5_kt_ops krb5_ktf_ops; extern const struct _krb5_kt_ops krb5_ktf_writable_ops; -static krb5_error_code KRB5_CALLCONV krb5_ktfile_resolve - (krb5_context, - const char *, - krb5_keytab *); - -static krb5_error_code KRB5_CALLCONV krb5_ktfile_wresolve - (krb5_context, - const char *, - krb5_keytab *); - -static krb5_error_code KRB5_CALLCONV krb5_ktfile_get_name - (krb5_context, - krb5_keytab, - char *, - unsigned int); - -static krb5_error_code KRB5_CALLCONV krb5_ktfile_close - (krb5_context, - krb5_keytab); - -static krb5_error_code KRB5_CALLCONV krb5_ktfile_get_entry - (krb5_context, - krb5_keytab, - krb5_const_principal, - krb5_kvno, - krb5_enctype, - krb5_keytab_entry *); - -static krb5_error_code KRB5_CALLCONV krb5_ktfile_start_seq_get - (krb5_context, - krb5_keytab, - krb5_kt_cursor *); - -static krb5_error_code KRB5_CALLCONV krb5_ktfile_get_next - (krb5_context, - krb5_keytab, - krb5_keytab_entry *, - krb5_kt_cursor *); - -static krb5_error_code KRB5_CALLCONV krb5_ktfile_end_get - (krb5_context, - krb5_keytab, - krb5_kt_cursor *); +static krb5_error_code KRB5_CALLCONV krb5_ktfile_resolve +(krb5_context, + const char *, + krb5_keytab *); + +static krb5_error_code KRB5_CALLCONV krb5_ktfile_wresolve +(krb5_context, + const char *, + krb5_keytab *); + +static krb5_error_code KRB5_CALLCONV krb5_ktfile_get_name +(krb5_context, + krb5_keytab, + char *, + unsigned int); + +static krb5_error_code KRB5_CALLCONV krb5_ktfile_close +(krb5_context, + krb5_keytab); + +static krb5_error_code KRB5_CALLCONV krb5_ktfile_get_entry +(krb5_context, + krb5_keytab, + krb5_const_principal, + krb5_kvno, + krb5_enctype, + krb5_keytab_entry *); + +static krb5_error_code KRB5_CALLCONV krb5_ktfile_start_seq_get +(krb5_context, + krb5_keytab, + krb5_kt_cursor *); + +static krb5_error_code KRB5_CALLCONV krb5_ktfile_get_next +(krb5_context, + krb5_keytab, + krb5_keytab_entry *, + krb5_kt_cursor *); + +static krb5_error_code KRB5_CALLCONV krb5_ktfile_end_get +(krb5_context, + krb5_keytab, + krb5_kt_cursor *); /* routines to be included on extended version (write routines) */ -static krb5_error_code KRB5_CALLCONV krb5_ktfile_add - (krb5_context, - krb5_keytab, - krb5_keytab_entry *); - -static krb5_error_code KRB5_CALLCONV krb5_ktfile_remove - (krb5_context, - krb5_keytab, - krb5_keytab_entry *); - -static krb5_error_code krb5_ktfileint_openr - (krb5_context, - krb5_keytab); - -static krb5_error_code krb5_ktfileint_openw - (krb5_context, - krb5_keytab); - -static krb5_error_code krb5_ktfileint_close - (krb5_context, - krb5_keytab); - -static krb5_error_code krb5_ktfileint_read_entry - (krb5_context, - krb5_keytab, - krb5_keytab_entry *); - -static krb5_error_code krb5_ktfileint_write_entry - (krb5_context, - krb5_keytab, - krb5_keytab_entry *); - -static krb5_error_code krb5_ktfileint_delete_entry - (krb5_context, - krb5_keytab, - krb5_int32); - -static krb5_error_code krb5_ktfileint_internal_read_entry - (krb5_context, - krb5_keytab, - krb5_keytab_entry *, - krb5_int32 *); - -static krb5_error_code krb5_ktfileint_size_entry - (krb5_context, - krb5_keytab_entry *, - krb5_int32 *); - -static krb5_error_code krb5_ktfileint_find_slot - (krb5_context, - krb5_keytab, - krb5_int32 *, - krb5_int32 *); +static krb5_error_code KRB5_CALLCONV krb5_ktfile_add +(krb5_context, + krb5_keytab, + krb5_keytab_entry *); + +static krb5_error_code KRB5_CALLCONV krb5_ktfile_remove +(krb5_context, + krb5_keytab, + krb5_keytab_entry *); + +static krb5_error_code krb5_ktfileint_openr +(krb5_context, + krb5_keytab); + +static krb5_error_code krb5_ktfileint_openw +(krb5_context, + krb5_keytab); + +static krb5_error_code krb5_ktfileint_close +(krb5_context, + krb5_keytab); + +static krb5_error_code krb5_ktfileint_read_entry +(krb5_context, + krb5_keytab, + krb5_keytab_entry *); + +static krb5_error_code krb5_ktfileint_write_entry +(krb5_context, + krb5_keytab, + krb5_keytab_entry *); + +static krb5_error_code krb5_ktfileint_delete_entry +(krb5_context, + krb5_keytab, + krb5_int32); + +static krb5_error_code krb5_ktfileint_internal_read_entry +(krb5_context, + krb5_keytab, + krb5_keytab_entry *, + krb5_int32 *); + +static krb5_error_code krb5_ktfileint_size_entry +(krb5_context, + krb5_keytab_entry *, + krb5_int32 *); + +static krb5_error_code krb5_ktfileint_find_slot +(krb5_context, + krb5_keytab, + krb5_int32 *, + krb5_int32 *); /* - * This is an implementation specific resolver. It returns a keytab id + * This is an implementation specific resolver. It returns a keytab id * initialized with file keytab routines. */ static krb5_error_code ktfile_common_resolve(krb5_context context, const char *name, - krb5_keytab *idptr, const struct _krb5_kt_ops *ops) + krb5_keytab *idptr, const struct _krb5_kt_ops *ops) { krb5_ktfile_data *data = NULL; krb5_error_code err = ENOMEM; @@ -210,20 +211,20 @@ ktfile_common_resolve(krb5_context context, const char *name, id = calloc(1, sizeof(*id)); if (id == NULL) - return ENOMEM; - + return ENOMEM; + id->ops = ops; data = calloc(1, sizeof(krb5_ktfile_data)); if (data == NULL) - goto cleanup; + goto cleanup; data->name = strdup(name); if (data->name == NULL) - goto cleanup; + goto cleanup; err = k5_mutex_init(&data->lock); if (err) - goto cleanup; + goto cleanup; data->openf = 0; data->version = 0; @@ -235,13 +236,13 @@ ktfile_common_resolve(krb5_context context, const char *name, return 0; cleanup: if (data) - free(data->name); + free(data->name); free(data); free(id); return err; } -static krb5_error_code KRB5_CALLCONV +static krb5_error_code KRB5_CALLCONV krb5_ktfile_resolve(krb5_context context, const char *name, krb5_keytab *id) { return ktfile_common_resolve(context, name, id, &krb5_ktf_writable_ops); @@ -253,15 +254,15 @@ krb5_ktfile_resolve(krb5_context context, const char *name, krb5_keytab *id) * free memory hidden in the structures. */ -static krb5_error_code KRB5_CALLCONV +static krb5_error_code KRB5_CALLCONV krb5_ktfile_close(krb5_context context, krb5_keytab id) - /* - * This routine is responsible for freeing all memory allocated - * for this keytab. There are no system resources that need - * to be freed nor are there any open files. - * - * This routine should undo anything done by krb5_ktfile_resolve(). - */ +/* + * This routine is responsible for freeing all memory allocated + * for this keytab. There are no system resources that need + * to be freed nor are there any open files. + * + * This routine should undo anything done by krb5_ktfile_resolve(). + */ { free(KTFILENAME(id)); zap(KTFILEBUFP(id), BUFSIZ); @@ -280,8 +281,8 @@ krb5_ktfile_close(krb5_context context, krb5_keytab id) static krb5_error_code KRB5_CALLCONV krb5_ktfile_get_entry(krb5_context context, krb5_keytab id, - krb5_const_principal principal, krb5_kvno kvno, - krb5_enctype enctype, krb5_keytab_entry *entry) + krb5_const_principal principal, krb5_kvno kvno, + krb5_enctype enctype, krb5_keytab_entry *entry) { krb5_keytab_entry cur_entry, new_entry; krb5_error_code kerror = 0; @@ -292,27 +293,27 @@ krb5_ktfile_get_entry(krb5_context context, krb5_keytab id, kerror = KTLOCK(id); if (kerror) - return kerror; + return kerror; if (KTFILEP(id) != NULL) { - was_open = 1; + was_open = 1; - if (fseek(KTFILEP(id), KTSTARTOFF(id), SEEK_SET) == -1) { - KTUNLOCK(id); - return errno; - } + if (fseek(KTFILEP(id), KTSTARTOFF(id), SEEK_SET) == -1) { + KTUNLOCK(id); + return errno; + } } else { - was_open = 0; + was_open = 0; - /* Open the keyfile for reading */ - if ((kerror = krb5_ktfileint_openr(context, id))) { - KTUNLOCK(id); - return(kerror); - } + /* Open the keyfile for reading */ + if ((kerror = krb5_ktfileint_openr(context, id))) { + KTUNLOCK(id); + return(kerror); + } } - - /* - * For efficiency and simplicity, we'll use a while true that + + /* + * For efficiency and simplicity, we'll use a while true that * is exited with a break statement. */ cur_entry.principal = 0; @@ -320,111 +321,111 @@ krb5_ktfile_get_entry(krb5_context context, krb5_keytab id, cur_entry.key.contents = 0; while (TRUE) { - if ((kerror = krb5_ktfileint_read_entry(context, id, &new_entry))) - break; - - /* by the time this loop exits, it must either free cur_entry, - and copy new_entry there, or free new_entry. Otherwise, it - leaks. */ - - /* if the principal isn't the one requested, free new_entry - and continue to the next. */ - - if (!krb5_principal_compare(context, principal, new_entry.principal)) { - krb5_kt_free_entry(context, &new_entry); - continue; - } - - /* if the enctype is not ignored and doesn't match, free new_entry - and continue to the next */ - - if (enctype != IGNORE_ENCTYPE) { - if ((kerror = krb5_c_enctype_compare(context, enctype, - new_entry.key.enctype, - &similar))) { - krb5_kt_free_entry(context, &new_entry); - break; - } - - if (!similar) { - krb5_kt_free_entry(context, &new_entry); - continue; - } - /* - * Coerce the enctype of the output keyblock in case we - * got an inexact match on the enctype. - */ - new_entry.key.enctype = enctype; - - } - - if (kvno == IGNORE_VNO) { - /* if this is the first match, or if the new vno is - bigger, free the current and keep the new. Otherwise, - free the new. */ - /* A 1.2.x keytab contains only the low 8 bits of the key - version number. Since it can be much bigger, and thus - the 8-bit value can wrap, we need some heuristics to - figure out the "highest" numbered key if some numbers - close to 255 and some near 0 are used. - - The heuristic here: - - If we have any keys with versions over 240, then assume - that all version numbers 0-127 refer to 256+N instead. - Not perfect, but maybe good enough? */ + if ((kerror = krb5_ktfileint_read_entry(context, id, &new_entry))) + break; + + /* by the time this loop exits, it must either free cur_entry, + and copy new_entry there, or free new_entry. Otherwise, it + leaks. */ + + /* if the principal isn't the one requested, free new_entry + and continue to the next. */ + + if (!krb5_principal_compare(context, principal, new_entry.principal)) { + krb5_kt_free_entry(context, &new_entry); + continue; + } + + /* if the enctype is not ignored and doesn't match, free new_entry + and continue to the next */ + + if (enctype != IGNORE_ENCTYPE) { + if ((kerror = krb5_c_enctype_compare(context, enctype, + new_entry.key.enctype, + &similar))) { + krb5_kt_free_entry(context, &new_entry); + break; + } + + if (!similar) { + krb5_kt_free_entry(context, &new_entry); + continue; + } + /* + * Coerce the enctype of the output keyblock in case we + * got an inexact match on the enctype. + */ + new_entry.key.enctype = enctype; + + } + + if (kvno == IGNORE_VNO) { + /* if this is the first match, or if the new vno is + bigger, free the current and keep the new. Otherwise, + free the new. */ + /* A 1.2.x keytab contains only the low 8 bits of the key + version number. Since it can be much bigger, and thus + the 8-bit value can wrap, we need some heuristics to + figure out the "highest" numbered key if some numbers + close to 255 and some near 0 are used. + + The heuristic here: + + If we have any keys with versions over 240, then assume + that all version numbers 0-127 refer to 256+N instead. + Not perfect, but maybe good enough? */ #define M(VNO) (((VNO) - kvno_offset + 256) % 256) - if (new_entry.vno > 240) - kvno_offset = 128; - if (! cur_entry.principal || - M(new_entry.vno) > M(cur_entry.vno)) { - krb5_kt_free_entry(context, &cur_entry); - cur_entry = new_entry; - } else { - krb5_kt_free_entry(context, &new_entry); - } - } else { - /* if this kvno matches, free the current (will there ever - be one?), keep the new, and break out. Otherwise, remember - that we were here so we can return the right error, and - free the new */ - /* Yuck. The krb5-1.2.x keytab format only stores one byte - for the kvno, so we're toast if the kvno requested is - higher than that. Short-term workaround: only compare - the low 8 bits. */ - - if (new_entry.vno == (kvno & 0xff)) { - krb5_kt_free_entry(context, &cur_entry); - cur_entry = new_entry; - break; - } else { - found_wrong_kvno++; - krb5_kt_free_entry(context, &new_entry); - } - } + if (new_entry.vno > 240) + kvno_offset = 128; + if (! cur_entry.principal || + M(new_entry.vno) > M(cur_entry.vno)) { + krb5_kt_free_entry(context, &cur_entry); + cur_entry = new_entry; + } else { + krb5_kt_free_entry(context, &new_entry); + } + } else { + /* if this kvno matches, free the current (will there ever + be one?), keep the new, and break out. Otherwise, remember + that we were here so we can return the right error, and + free the new */ + /* Yuck. The krb5-1.2.x keytab format only stores one byte + for the kvno, so we're toast if the kvno requested is + higher than that. Short-term workaround: only compare + the low 8 bits. */ + + if (new_entry.vno == (kvno & 0xff)) { + krb5_kt_free_entry(context, &cur_entry); + cur_entry = new_entry; + break; + } else { + found_wrong_kvno++; + krb5_kt_free_entry(context, &new_entry); + } + } } if (kerror == KRB5_KT_END) { - if (cur_entry.principal) - kerror = 0; - else if (found_wrong_kvno) - kerror = KRB5_KT_KVNONOTFOUND; - else - kerror = KRB5_KT_NOTFOUND; + if (cur_entry.principal) + kerror = 0; + else if (found_wrong_kvno) + kerror = KRB5_KT_KVNONOTFOUND; + else + kerror = KRB5_KT_NOTFOUND; } if (kerror) { - if (was_open == 0) - (void) krb5_ktfileint_close(context, id); - KTUNLOCK(id); - krb5_kt_free_entry(context, &cur_entry); - return kerror; + if (was_open == 0) + (void) krb5_ktfileint_close(context, id); + KTUNLOCK(id); + krb5_kt_free_entry(context, &cur_entry); + return kerror; } if (was_open == 0 && (kerror = krb5_ktfileint_close(context, id)) != 0) { - KTUNLOCK(id); - krb5_kt_free_entry(context, &cur_entry); - return kerror; + KTUNLOCK(id); + krb5_kt_free_entry(context, &cur_entry); + return kerror; } KTUNLOCK(id); *entry = cur_entry; @@ -437,19 +438,19 @@ krb5_ktfile_get_entry(krb5_context context, krb5_keytab id, static krb5_error_code KRB5_CALLCONV krb5_ktfile_get_name(krb5_context context, krb5_keytab id, char *name, unsigned int len) - /* - * This routine returns the name of the name of the file associated with - * this file-based keytab. name is zeroed and the filename is truncated - * to fit in name if necessary. The name is prefixed with PREFIX:, so that - * trt will happen if the name is passed back to resolve. - */ +/* + * This routine returns the name of the name of the file associated with + * this file-based keytab. name is zeroed and the filename is truncated + * to fit in name if necessary. The name is prefixed with PREFIX:, so that + * trt will happen if the name is passed back to resolve. + */ { int result; memset(name, 0, len); result = snprintf(name, len, "%s:%s", id->ops->prefix, KTFILENAME(id)); if (SNPRINTF_OVERFLOW(result, len)) - return(KRB5_KT_NAME_TOOLONG); + return(KRB5_KT_NAME_TOOLONG); return(0); } @@ -465,31 +466,31 @@ krb5_ktfile_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor * retval = KTLOCK(id); if (retval) - return retval; + return retval; if (KTITERS(id) == 0) { - if ((retval = krb5_ktfileint_openr(context, id))) { - KTUNLOCK(id); - return retval; - } + if ((retval = krb5_ktfileint_openr(context, id))) { + KTUNLOCK(id); + return retval; + } } if (!(fileoff = (long *)malloc(sizeof(*fileoff)))) { - if (KTITERS(id) == 0) - krb5_ktfileint_close(context, id); - KTUNLOCK(id); - return ENOMEM; + if (KTITERS(id) == 0) + krb5_ktfileint_close(context, id); + KTUNLOCK(id); + return ENOMEM; } *fileoff = KTSTARTOFF(id); *cursorp = (krb5_kt_cursor)fileoff; KTITERS(id)++; if (KTITERS(id) == 0) { - /* Wrapped?! */ - KTITERS(id)--; - KTUNLOCK(id); - krb5_set_error_message(context, KRB5_KT_IOERR, - "Too many keytab iterators active"); - return KRB5_KT_IOERR; /* XXX */ + /* Wrapped?! */ + KTITERS(id)--; + KTUNLOCK(id); + krb5_set_error_message(context, KRB5_KT_IOERR, + "Too many keytab iterators active"); + return KRB5_KT_IOERR; /* XXX */ } KTUNLOCK(id); @@ -500,7 +501,7 @@ krb5_ktfile_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor * * krb5_ktfile_get_next() */ -static krb5_error_code KRB5_CALLCONV +static krb5_error_code KRB5_CALLCONV krb5_ktfile_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry, krb5_kt_cursor *cursor) { long *fileoff = (long *)*cursor; @@ -509,18 +510,18 @@ krb5_ktfile_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *en kerror = KTLOCK(id); if (kerror) - return kerror; + return kerror; if (KTFILEP(id) == NULL) { - KTUNLOCK(id); - return KRB5_KT_IOERR; + KTUNLOCK(id); + return KRB5_KT_IOERR; } if (fseek(KTFILEP(id), *fileoff, 0) == -1) { - KTUNLOCK(id); - return KRB5_KT_END; + KTUNLOCK(id); + return KRB5_KT_END; } if ((kerror = krb5_ktfileint_read_entry(context, id, &cur_entry))) { - KTUNLOCK(id); - return kerror; + KTUNLOCK(id); + return kerror; } *fileoff = ftell(KTFILEP(id)); *entry = cur_entry; @@ -532,7 +533,7 @@ krb5_ktfile_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *en * krb5_ktfile_end_get() */ -static krb5_error_code KRB5_CALLCONV +static krb5_error_code KRB5_CALLCONV krb5_ktfile_end_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor) { krb5_error_code kerror; @@ -540,12 +541,12 @@ krb5_ktfile_end_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor free(*cursor); kerror = KTLOCK(id); if (kerror) - return kerror; + return kerror; KTITERS(id)--; if (KTFILEP(id) != NULL && KTITERS(id) == 0) - kerror = krb5_ktfileint_close(context, id); + kerror = krb5_ktfileint_close(context, id); else - kerror = 0; + kerror = 0; KTUNLOCK(id); return kerror; } @@ -558,183 +559,183 @@ static const char ktfile_def_name[] = "."; /* * Routines to deal with externalizing krb5_keytab for [WR]FILE: variants. - * krb5_ktf_keytab_size(); - * krb5_ktf_keytab_externalize(); - * krb5_ktf_keytab_internalize(); + * krb5_ktf_keytab_size(); + * krb5_ktf_keytab_externalize(); + * krb5_ktf_keytab_internalize(); */ static krb5_error_code krb5_ktf_keytab_size - (krb5_context, krb5_pointer, size_t *); +(krb5_context, krb5_pointer, size_t *); static krb5_error_code krb5_ktf_keytab_externalize - (krb5_context, krb5_pointer, krb5_octet **, size_t *); +(krb5_context, krb5_pointer, krb5_octet **, size_t *); static krb5_error_code krb5_ktf_keytab_internalize - (krb5_context,krb5_pointer *, krb5_octet **, size_t *); +(krb5_context,krb5_pointer *, krb5_octet **, size_t *); /* * Serialization entry for this type. */ const krb5_ser_entry krb5_ktfile_ser_entry = { - KV5M_KEYTAB, /* Type */ - krb5_ktf_keytab_size, /* Sizer routine */ - krb5_ktf_keytab_externalize, /* Externalize routine */ - krb5_ktf_keytab_internalize /* Internalize routine */ + KV5M_KEYTAB, /* Type */ + krb5_ktf_keytab_size, /* Sizer routine */ + krb5_ktf_keytab_externalize, /* Externalize routine */ + krb5_ktf_keytab_internalize /* Internalize routine */ }; /* - * krb5_ktf_keytab_size() - Determine the size required to externalize - * this krb5_keytab variant. + * krb5_ktf_keytab_size() - Determine the size required to externalize + * this krb5_keytab variant. */ static krb5_error_code krb5_ktf_keytab_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep) { - krb5_error_code kret; - krb5_keytab keytab; - size_t required; - krb5_ktfile_data *ktdata; + krb5_error_code kret; + krb5_keytab keytab; + size_t required; + krb5_ktfile_data *ktdata; kret = EINVAL; if ((keytab = (krb5_keytab) arg)) { - /* - * Saving FILE: variants of krb5_keytab requires at minimum: - * krb5_int32 for KV5M_KEYTAB - * krb5_int32 for length of keytab name. - * krb5_int32 for file status. - * krb5_int32 for file position. - * krb5_int32 for file position. - * krb5_int32 for version. - * krb5_int32 for KV5M_KEYTAB - */ - required = sizeof(krb5_int32) * 7; - if (keytab->ops && keytab->ops->prefix) - required += (strlen(keytab->ops->prefix)+1); - - /* - * The keytab name is formed as follows: - * <prefix>:<name> - * If there's no name, we use a default name so that we have something - * to call krb5_keytab_resolve with. - */ - ktdata = (krb5_ktfile_data *) keytab->data; - required += strlen((ktdata && ktdata->name) ? - ktdata->name : ktfile_def_name); - kret = 0; - - if (!kret) - *sizep += required; + /* + * Saving FILE: variants of krb5_keytab requires at minimum: + * krb5_int32 for KV5M_KEYTAB + * krb5_int32 for length of keytab name. + * krb5_int32 for file status. + * krb5_int32 for file position. + * krb5_int32 for file position. + * krb5_int32 for version. + * krb5_int32 for KV5M_KEYTAB + */ + required = sizeof(krb5_int32) * 7; + if (keytab->ops && keytab->ops->prefix) + required += (strlen(keytab->ops->prefix)+1); + + /* + * The keytab name is formed as follows: + * <prefix>:<name> + * If there's no name, we use a default name so that we have something + * to call krb5_keytab_resolve with. + */ + ktdata = (krb5_ktfile_data *) keytab->data; + required += strlen((ktdata && ktdata->name) ? + ktdata->name : ktfile_def_name); + kret = 0; + + if (!kret) + *sizep += required; } return(kret); } /* - * krb5_ktf_keytab_externalize() - Externalize the krb5_keytab. + * krb5_ktf_keytab_externalize() - Externalize the krb5_keytab. */ static krb5_error_code krb5_ktf_keytab_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain) { - krb5_error_code kret; - krb5_keytab keytab; - size_t required; - krb5_octet *bp; - size_t remain; - krb5_ktfile_data *ktdata; - krb5_int32 file_is_open; - krb5_int64 file_pos; - char *ktname; - const char *fnamep; + krb5_error_code kret; + krb5_keytab keytab; + size_t required; + krb5_octet *bp; + size_t remain; + krb5_ktfile_data *ktdata; + krb5_int32 file_is_open; + krb5_int64 file_pos; + char *ktname; + const char *fnamep; required = 0; bp = *buffer; remain = *lenremain; kret = EINVAL; if ((keytab = (krb5_keytab) arg)) { - kret = ENOMEM; - if (!krb5_ktf_keytab_size(kcontext, arg, &required) && - (required <= remain)) { - /* Our identifier */ - (void) krb5_ser_pack_int32(KV5M_KEYTAB, &bp, &remain); - - ktdata = (krb5_ktfile_data *) keytab->data; - file_is_open = 0; - file_pos = 0; - - /* Calculate the length of the name */ - if (ktdata && ktdata->name) - fnamep = ktdata->name; - else - fnamep = ktfile_def_name; - - if (keytab->ops && keytab->ops->prefix) { - if (asprintf(&ktname, "%s:%s", keytab->ops->prefix, fnamep) < 0) - ktname = NULL; - } else - ktname = strdup(fnamep); - - if (ktname) { - /* Fill in the file-specific keytab information. */ - if (ktdata) { - if (ktdata->openf) { - long fpos; - int fflags = 0; - - file_is_open = 1; + kret = ENOMEM; + if (!krb5_ktf_keytab_size(kcontext, arg, &required) && + (required <= remain)) { + /* Our identifier */ + (void) krb5_ser_pack_int32(KV5M_KEYTAB, &bp, &remain); + + ktdata = (krb5_ktfile_data *) keytab->data; + file_is_open = 0; + file_pos = 0; + + /* Calculate the length of the name */ + if (ktdata && ktdata->name) + fnamep = ktdata->name; + else + fnamep = ktfile_def_name; + + if (keytab->ops && keytab->ops->prefix) { + if (asprintf(&ktname, "%s:%s", keytab->ops->prefix, fnamep) < 0) + ktname = NULL; + } else + ktname = strdup(fnamep); + + if (ktname) { + /* Fill in the file-specific keytab information. */ + if (ktdata) { + if (ktdata->openf) { + long fpos; + int fflags = 0; + + file_is_open = 1; #if !defined(_WIN32) - fflags = fcntl(fileno(ktdata->openf), F_GETFL, 0); - if (fflags > 0) - file_is_open |= ((fflags & O_ACCMODE) << 1); + fflags = fcntl(fileno(ktdata->openf), F_GETFL, 0); + if (fflags > 0) + file_is_open |= ((fflags & O_ACCMODE) << 1); #else - file_is_open = 0; + file_is_open = 0; #endif - fpos = ftell(ktdata->openf); - file_pos = fpos; /* XX range check? */ - } - } - - /* Put the length of the file name */ - (void) krb5_ser_pack_int32((krb5_int32) strlen(ktname), - &bp, &remain); - - /* Put the name */ - (void) krb5_ser_pack_bytes((krb5_octet *) ktname, - strlen(ktname), - &bp, &remain); - - /* Put the file open flag */ - (void) krb5_ser_pack_int32(file_is_open, &bp, &remain); - - /* Put the file position */ - (void) krb5_ser_pack_int64(file_pos, &bp, &remain); - - /* Put the version */ - (void) krb5_ser_pack_int32((krb5_int32) ((ktdata) ? - ktdata->version : 0), - &bp, &remain); - - /* Put the trailer */ - (void) krb5_ser_pack_int32(KV5M_KEYTAB, &bp, &remain); - kret = 0; - *buffer = bp; - *lenremain = remain; - free(ktname); - } - } + fpos = ftell(ktdata->openf); + file_pos = fpos; /* XX range check? */ + } + } + + /* Put the length of the file name */ + (void) krb5_ser_pack_int32((krb5_int32) strlen(ktname), + &bp, &remain); + + /* Put the name */ + (void) krb5_ser_pack_bytes((krb5_octet *) ktname, + strlen(ktname), + &bp, &remain); + + /* Put the file open flag */ + (void) krb5_ser_pack_int32(file_is_open, &bp, &remain); + + /* Put the file position */ + (void) krb5_ser_pack_int64(file_pos, &bp, &remain); + + /* Put the version */ + (void) krb5_ser_pack_int32((krb5_int32) ((ktdata) ? + ktdata->version : 0), + &bp, &remain); + + /* Put the trailer */ + (void) krb5_ser_pack_int32(KV5M_KEYTAB, &bp, &remain); + kret = 0; + *buffer = bp; + *lenremain = remain; + free(ktname); + } + } } return(kret); } /* - * krb5_ktf_keytab_internalize() - Internalize the krb5_ktf_keytab. + * krb5_ktf_keytab_internalize() - Internalize the krb5_ktf_keytab. */ static krb5_error_code krb5_ktf_keytab_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain) { - krb5_error_code kret; - krb5_keytab keytab = NULL; - krb5_int32 ibuf; - krb5_octet *bp; - size_t remain; - char *ktname = NULL; - krb5_ktfile_data *ktdata; - krb5_int32 file_is_open; - krb5_int64 foff; + krb5_error_code kret; + krb5_keytab keytab = NULL; + krb5_int32 ibuf; + krb5_octet *bp; + size_t remain; + char *ktname = NULL; + krb5_ktfile_data *ktdata; + krb5_int32 file_is_open; + krb5_int64 foff; *argp = NULL; bp = *buffer; @@ -742,36 +743,36 @@ krb5_ktf_keytab_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octe /* Read our magic number */ if (krb5_ser_unpack_int32(&ibuf, &bp, &remain) || ibuf != KV5M_KEYTAB) - return EINVAL; + return EINVAL; /* Read the keytab name */ kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); if (kret) - return kret; + return kret; ktname = malloc(ibuf + 1); if (!ktname) - return ENOMEM; + return ENOMEM; kret = krb5_ser_unpack_bytes((krb5_octet *) ktname, (size_t) ibuf, - &bp, &remain); + &bp, &remain); if (kret) - goto cleanup; + goto cleanup; ktname[ibuf] = '\0'; /* Resolve the keytab. */ kret = krb5_kt_resolve(kcontext, ktname, &keytab); if (kret) - goto cleanup; + goto cleanup; if (keytab->ops != &krb5_ktf_writable_ops - && keytab->ops != &krb5_ktf_ops) { - kret = EINVAL; - goto cleanup; + && keytab->ops != &krb5_ktf_ops) { + kret = EINVAL; + goto cleanup; } ktdata = (krb5_ktfile_data *) keytab->data; if (remain < (sizeof(krb5_int32)*5)) { - kret = EINVAL; - goto cleanup; + kret = EINVAL; + goto cleanup; } (void) krb5_ser_unpack_int32(&file_is_open, &bp, &remain); (void) krb5_ser_unpack_int64(&foff, &bp, &remain); @@ -779,30 +780,30 @@ krb5_ktf_keytab_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octe ktdata->version = (int) ibuf; (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); if (ibuf != KV5M_KEYTAB) { - kret = EINVAL; - goto cleanup; + kret = EINVAL; + goto cleanup; } if (file_is_open) { - int fmode; - long fpos; + int fmode; + long fpos; #if !defined(_WIN32) - fmode = (file_is_open >> 1) & O_ACCMODE; + fmode = (file_is_open >> 1) & O_ACCMODE; #else - fmode = 0; + fmode = 0; #endif - if (fmode) - kret = krb5_ktfileint_openw(kcontext, keytab); - else - kret = krb5_ktfileint_openr(kcontext, keytab); - if (kret) - goto cleanup; - fpos = foff; /* XX range check? */ - if (fseek(KTFILEP(keytab), fpos, SEEK_SET) == -1) { - kret = errno; - goto cleanup; - } + if (fmode) + kret = krb5_ktfileint_openw(kcontext, keytab); + else + kret = krb5_ktfileint_openr(kcontext, keytab); + if (kret) + goto cleanup; + fpos = foff; /* XX range check? */ + if (fseek(KTFILEP(keytab), fpos, SEEK_SET) == -1) { + kret = errno; + goto cleanup; + } } *buffer = bp; @@ -810,13 +811,13 @@ krb5_ktf_keytab_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octe *argp = (krb5_pointer) keytab; cleanup: if (kret != 0 && keytab) - krb5_kt_close(kcontext, keytab); + krb5_kt_close(kcontext, keytab); free(ktname); return kret; } /* - * This is an implementation specific resolver. It returns a keytab id + * This is an implementation specific resolver. It returns a keytab id * initialized with file keytab routines. */ @@ -831,28 +832,28 @@ krb5_ktfile_wresolve(krb5_context context, const char *name, krb5_keytab *id) * krb5_ktfile_add() */ -static krb5_error_code KRB5_CALLCONV +static krb5_error_code KRB5_CALLCONV krb5_ktfile_add(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) { krb5_error_code retval; retval = KTLOCK(id); if (retval) - return retval; + return retval; if (KTFILEP(id)) { - /* Iterator(s) active -- no changes. */ - KTUNLOCK(id); - krb5_set_error_message(context, KRB5_KT_IOERR, - "Cannot change keytab with keytab iterators active"); - return KRB5_KT_IOERR; /* XXX */ + /* Iterator(s) active -- no changes. */ + KTUNLOCK(id); + krb5_set_error_message(context, KRB5_KT_IOERR, + "Cannot change keytab with keytab iterators active"); + return KRB5_KT_IOERR; /* XXX */ } if ((retval = krb5_ktfileint_openw(context, id))) { - KTUNLOCK(id); - return retval; + KTUNLOCK(id); + return retval; } if (fseek(KTFILEP(id), 0, 2) == -1) { - KTUNLOCK(id); - return KRB5_KT_END; + KTUNLOCK(id); + return KRB5_KT_END; } retval = krb5_ktfileint_write_entry(context, id, entry); krb5_ktfileint_close(context, id); @@ -864,7 +865,7 @@ krb5_ktfile_add(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) * krb5_ktfile_remove() */ -static krb5_error_code KRB5_CALLCONV +static krb5_error_code KRB5_CALLCONV krb5_ktfile_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) { krb5_keytab_entry cur_entry; @@ -873,53 +874,53 @@ krb5_ktfile_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entr kerror = KTLOCK(id); if (kerror) - return kerror; + return kerror; if (KTFILEP(id)) { - /* Iterator(s) active -- no changes. */ - KTUNLOCK(id); - krb5_set_error_message(context, KRB5_KT_IOERR, - "Cannot change keytab with keytab iterators active"); - return KRB5_KT_IOERR; /* XXX */ + /* Iterator(s) active -- no changes. */ + KTUNLOCK(id); + krb5_set_error_message(context, KRB5_KT_IOERR, + "Cannot change keytab with keytab iterators active"); + return KRB5_KT_IOERR; /* XXX */ } if ((kerror = krb5_ktfileint_openw(context, id))) { - KTUNLOCK(id); - return kerror; + KTUNLOCK(id); + return kerror; } - /* - * For efficiency and simplicity, we'll use a while true that + /* + * For efficiency and simplicity, we'll use a while true that * is exited with a break statement. */ while (TRUE) { - if ((kerror = krb5_ktfileint_internal_read_entry(context, id, - &cur_entry, - &delete_point))) - break; + if ((kerror = krb5_ktfileint_internal_read_entry(context, id, + &cur_entry, + &delete_point))) + break; - if ((entry->vno == cur_entry.vno) && + if ((entry->vno == cur_entry.vno) && (entry->key.enctype == cur_entry.key.enctype) && - krb5_principal_compare(context, entry->principal, cur_entry.principal)) { - /* found a match */ + krb5_principal_compare(context, entry->principal, cur_entry.principal)) { + /* found a match */ krb5_kt_free_entry(context, &cur_entry); - break; - } - krb5_kt_free_entry(context, &cur_entry); + break; + } + krb5_kt_free_entry(context, &cur_entry); } if (kerror == KRB5_KT_END) - kerror = KRB5_KT_NOTFOUND; + kerror = KRB5_KT_NOTFOUND; if (kerror) { - (void) krb5_ktfileint_close(context, id); - KTUNLOCK(id); - return kerror; + (void) krb5_ktfileint_close(context, id); + KTUNLOCK(id); + return kerror; } kerror = krb5_ktfileint_delete_entry(context, id, delete_point); if (kerror) { - (void) krb5_ktfileint_close(context, id); + (void) krb5_ktfileint_close(context, id); } else { kerror = krb5_ktfileint_close(context, id); } @@ -933,9 +934,9 @@ krb5_ktfile_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entr const struct _krb5_kt_ops krb5_ktf_ops = { 0, - "FILE", /* Prefix -- this string should not appear anywhere else! */ + "FILE", /* Prefix -- this string should not appear anywhere else! */ krb5_ktfile_resolve, - krb5_ktfile_get_name, + krb5_ktfile_get_name, krb5_ktfile_close, krb5_ktfile_get_entry, krb5_ktfile_start_seq_get, @@ -952,9 +953,9 @@ const struct _krb5_kt_ops krb5_ktf_ops = { const struct _krb5_kt_ops krb5_ktf_writable_ops = { 0, - "WRFILE", /* Prefix -- this string should not appear anywhere else! */ + "WRFILE", /* Prefix -- this string should not appear anywhere else! */ krb5_ktfile_wresolve, - krb5_ktfile_get_name, + krb5_ktfile_get_name, krb5_ktfile_close, krb5_ktfile_get_entry, krb5_ktfile_start_seq_get, @@ -971,9 +972,9 @@ const struct _krb5_kt_ops krb5_ktf_writable_ops = { const krb5_kt_ops krb5_kt_dfl_ops = { 0, - "FILE", /* Prefix -- this string should not appear anywhere else! */ + "FILE", /* Prefix -- this string should not appear anywhere else! */ krb5_ktfile_resolve, - krb5_ktfile_get_name, + krb5_ktfile_get_name, krb5_ktfile_close, krb5_ktfile_get_entry, krb5_ktfile_start_seq_get, @@ -998,7 +999,7 @@ const krb5_kt_ops krb5_kt_dfl_ops = { * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -1012,16 +1013,16 @@ const krb5_kt_ops krb5_kt_dfl_ops = { * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * * - * This function contains utilities for the file based implementation of + * + * This function contains utilities for the file based implementation of * the keytab. There are no public functions in this file. * * This file is the only one that has knowledge of the format of a * keytab file. * * The format is as follows: - * + * * <file format vno> * <record length> * principal timestamp vno key @@ -1031,21 +1032,21 @@ const krb5_kt_ops krb5_kt_dfl_ops = { * * A length field (sizeof(krb5_int32)) exists between entries. When this * length is positive it indicates an active entry, when negative a hole. - * The length indicates the size of the block in the file (this may be + * The length indicates the size of the block in the file (this may be * larger than the size of the next record, since we are using a first * fit algorithm for re-using holes and the first fit may be larger than * the entry we are writing). Another (compatible) implementation could - * break up holes when allocating them to smaller entries to minimize + * break up holes when allocating them to smaller entries to minimize * wasted space. (Such an implementation should also coalesce adjacent * holes to reduce fragmentation). This implementation does neither. * - * There are no separators between fields of an entry. + * There are no separators between fields of an entry. * A principal is a length-encoded array of length-encoded strings. The - * length is a krb5_int16 in each case. The specific format, then, is - * multiple entries concatinated with no separators. An entry has this + * length is a krb5_int16 in each case. The specific format, then, is + * multiple entries concatinated with no separators. An entry has this * exact format: * - * sizeof(krb5_int16) bytes for number of components in the principal; + * sizeof(krb5_int16) bytes for number of components in the principal; * then, each component listed in ordser. * For each component, sizeof(krb5_int16) bytes for the number of bytes * in the component, followed by the component. @@ -1083,73 +1084,73 @@ krb5_ktfileint_open(krb5_context context, krb5_keytab id, int mode) KTCHECKLOCK(id); errno = 0; KTFILEP(id) = fopen(KTFILENAME(id), - (mode == KRB5_LOCKMODE_EXCLUSIVE) ? - fopen_mode_rbplus : fopen_mode_rb); + (mode == KRB5_LOCKMODE_EXCLUSIVE) ? + fopen_mode_rbplus : fopen_mode_rb); if (!KTFILEP(id)) { - if ((mode == KRB5_LOCKMODE_EXCLUSIVE) && (errno == ENOENT)) { - /* try making it first time around */ + if ((mode == KRB5_LOCKMODE_EXCLUSIVE) && (errno == ENOENT)) { + /* try making it first time around */ krb5_create_secure_file(context, KTFILENAME(id)); - errno = 0; - KTFILEP(id) = fopen(KTFILENAME(id), fopen_mode_rbplus); - if (!KTFILEP(id)) - goto report_errno; - writevno = 1; - } else { - report_errno: - switch (errno) { - case 0: - /* XXX */ - return EMFILE; - case ENOENT: - krb5_set_error_message(context, ENOENT, - "Key table file '%s' not found", - KTFILENAME(id)); - return ENOENT; - default: - return errno; - } - } + errno = 0; + KTFILEP(id) = fopen(KTFILENAME(id), fopen_mode_rbplus); + if (!KTFILEP(id)) + goto report_errno; + writevno = 1; + } else { + report_errno: + switch (errno) { + case 0: + /* XXX */ + return EMFILE; + case ENOENT: + krb5_set_error_message(context, ENOENT, + "Key table file '%s' not found", + KTFILENAME(id)); + return ENOENT; + default: + return errno; + } + } } set_cloexec_file(KTFILEP(id)); if ((kerror = krb5_lock_file(context, fileno(KTFILEP(id)), mode))) { - (void) fclose(KTFILEP(id)); - KTFILEP(id) = 0; - return kerror; + (void) fclose(KTFILEP(id)); + KTFILEP(id) = 0; + return kerror; } /* assume ANSI or BSD-style stdio */ setbuf(KTFILEP(id), KTFILEBUFP(id)); /* get the vno and verify it */ if (writevno) { - kt_vno = htons(krb5_kt_default_vno); - KTVERSION(id) = krb5_kt_default_vno; - if (!fwrite(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) { - kerror = errno; - (void) krb5_unlock_file(context, fileno(KTFILEP(id))); - (void) fclose(KTFILEP(id)); - KTFILEP(id) = 0; - return kerror; - } + kt_vno = htons(krb5_kt_default_vno); + KTVERSION(id) = krb5_kt_default_vno; + if (!fwrite(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) { + kerror = errno; + (void) krb5_unlock_file(context, fileno(KTFILEP(id))); + (void) fclose(KTFILEP(id)); + KTFILEP(id) = 0; + return kerror; + } } else { - /* gotta verify it instead... */ - if (!fread(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) { - if (feof(KTFILEP(id))) - kerror = KRB5_KEYTAB_BADVNO; - else - kerror = errno; - (void) krb5_unlock_file(context, fileno(KTFILEP(id))); - (void) fclose(KTFILEP(id)); - KTFILEP(id) = 0; - return kerror; - } - kt_vno = KTVERSION(id) = ntohs(kt_vno); - if ((kt_vno != KRB5_KT_VNO) && - (kt_vno != KRB5_KT_VNO_1)) { - (void) krb5_unlock_file(context, fileno(KTFILEP(id))); - (void) fclose(KTFILEP(id)); - KTFILEP(id) = 0; - return KRB5_KEYTAB_BADVNO; - } + /* gotta verify it instead... */ + if (!fread(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) { + if (feof(KTFILEP(id))) + kerror = KRB5_KEYTAB_BADVNO; + else + kerror = errno; + (void) krb5_unlock_file(context, fileno(KTFILEP(id))); + (void) fclose(KTFILEP(id)); + KTFILEP(id) = 0; + return kerror; + } + kt_vno = KTVERSION(id) = ntohs(kt_vno); + if ((kt_vno != KRB5_KT_VNO) && + (kt_vno != KRB5_KT_VNO_1)) { + (void) krb5_unlock_file(context, fileno(KTFILEP(id))); + (void) fclose(KTFILEP(id)); + KTFILEP(id) = 0; + return KRB5_KEYTAB_BADVNO; + } } KTSTARTOFF(id) = ftell(KTFILEP(id)); return 0; @@ -1174,7 +1175,7 @@ krb5_ktfileint_close(krb5_context context, krb5_keytab id) KTCHECKLOCK(id); if (!KTFILEP(id)) - return 0; + return 0; kerror = krb5_unlock_file(context, fileno(KTFILEP(id))); (void) fclose(KTFILEP(id)); KTFILEP(id) = 0; @@ -1196,12 +1197,12 @@ krb5_ktfileint_delete_entry(krb5_context context, krb5_keytab id, krb5_int32 del return KRB5_KT_END; } if (KTVERSION(id) != KRB5_KT_VNO_1) - size = ntohl(size); + size = ntohl(size); if (size > 0) { krb5_int32 minus_size = -size; - if (KTVERSION(id) != KRB5_KT_VNO_1) - minus_size = htonl(minus_size); + if (KTVERSION(id) != KRB5_KT_VNO_1) + minus_size = htonl(minus_size); if (fseek(KTFILEP(id), delete_point, SEEK_SET)) { return errno; @@ -1220,8 +1221,8 @@ krb5_ktfileint_delete_entry(krb5_context context, krb5_keytab id, krb5_int32 del memset(iobuf, 0, (size_t) len); while (size > 0) { if (!fwrite(iobuf, 1, (size_t) len, KTFILEP(id))) { - return KRB5_KT_IOERR; - } + return KRB5_KT_IOERR; + } size -= len; if (size < len) { len = size; @@ -1246,8 +1247,8 @@ krb5_ktfileint_internal_read_entry(krb5_context context, krb5_keytab id, krb5_ke krb5_int32 size; krb5_int32 start_pos; krb5_error_code error; - char *tmpdata; - krb5_data *princ; + char *tmpdata; + krb5_data *princ; KTCHECKLOCK(id); memset(ret_entry, 0, sizeof(krb5_keytab_entry)); @@ -1265,8 +1266,8 @@ krb5_ktfileint_internal_read_entry(krb5_context context, krb5_keytab id, krb5_ke if (!fread(&size, sizeof(size), 1, KTFILEP(id))) { return KRB5_KT_END; } - if (KTVERSION(id) != KRB5_KT_VNO_1) - size = ntohl(size); + if (KTVERSION(id) != KRB5_KT_VNO_1) + size = ntohl(size); if (size < 0) { if (fseek(KTFILEP(id), -size, SEEK_CUR)) { @@ -1285,163 +1286,163 @@ krb5_ktfileint_internal_read_entry(krb5_context context, krb5_keytab id, krb5_ke /* first, int16 with #princ components */ if (!fread(&count, sizeof(count), 1, KTFILEP(id))) - return KRB5_KT_END; + return KRB5_KT_END; if (KTVERSION(id) == KRB5_KT_VNO_1) { - count -= 1; /* V1 includes the realm in the count */ + count -= 1; /* V1 includes the realm in the count */ } else { - count = ntohs(count); + count = ntohs(count); } if (!count || (count < 0)) - return KRB5_KT_END; + return KRB5_KT_END; ret_entry->principal = (krb5_principal)malloc(sizeof(krb5_principal_data)); if (!ret_entry->principal) return ENOMEM; - + u_count = count; ret_entry->principal->magic = KV5M_PRINCIPAL; ret_entry->principal->length = u_count; - ret_entry->principal->data = (krb5_data *) - calloc(u_count, sizeof(krb5_data)); + ret_entry->principal->data = (krb5_data *) + calloc(u_count, sizeof(krb5_data)); if (!ret_entry->principal->data) { - free(ret_entry->principal); - ret_entry->principal = 0; - return ENOMEM; + free(ret_entry->principal); + ret_entry->principal = 0; + return ENOMEM; } /* Now, get the realm data */ if (!fread(&princ_size, sizeof(princ_size), 1, KTFILEP(id))) { - error = KRB5_KT_END; - goto fail; + error = KRB5_KT_END; + goto fail; } if (KTVERSION(id) != KRB5_KT_VNO_1) - princ_size = ntohs(princ_size); + princ_size = ntohs(princ_size); if (!princ_size || (princ_size < 0)) { - error = KRB5_KT_END; - goto fail; + error = KRB5_KT_END; + goto fail; } u_princ_size = princ_size; krb5_princ_set_realm_length(context, ret_entry->principal, u_princ_size); tmpdata = malloc(u_princ_size+1); if (!tmpdata) { - error = ENOMEM; - goto fail; + error = ENOMEM; + goto fail; } if (fread(tmpdata, 1, u_princ_size, KTFILEP(id)) != (size_t) princ_size) { - free(tmpdata); - error = KRB5_KT_END; - goto fail; + free(tmpdata); + error = KRB5_KT_END; + goto fail; } - tmpdata[princ_size] = 0; /* Some things might be expecting null */ - /* termination... ``Be conservative in */ - /* what you send out'' */ + tmpdata[princ_size] = 0; /* Some things might be expecting null */ + /* termination... ``Be conservative in */ + /* what you send out'' */ krb5_princ_set_realm_data(context, ret_entry->principal, tmpdata); - + for (i = 0; i < count; i++) { - princ = krb5_princ_component(context, ret_entry->principal, i); - if (!fread(&princ_size, sizeof(princ_size), 1, KTFILEP(id))) { - error = KRB5_KT_END; - goto fail; + princ = krb5_princ_component(context, ret_entry->principal, i); + if (!fread(&princ_size, sizeof(princ_size), 1, KTFILEP(id))) { + error = KRB5_KT_END; + goto fail; } - if (KTVERSION(id) != KRB5_KT_VNO_1) - princ_size = ntohs(princ_size); - if (!princ_size || (princ_size < 0)) { - error = KRB5_KT_END; - goto fail; + if (KTVERSION(id) != KRB5_KT_VNO_1) + princ_size = ntohs(princ_size); + if (!princ_size || (princ_size < 0)) { + error = KRB5_KT_END; + goto fail; } - u_princ_size = princ_size; - princ->length = u_princ_size; - princ->data = malloc(u_princ_size+1); - if (!princ->data) { - error = ENOMEM; - goto fail; + u_princ_size = princ_size; + princ->length = u_princ_size; + princ->data = malloc(u_princ_size+1); + if (!princ->data) { + error = ENOMEM; + goto fail; } - if (!fread(princ->data, sizeof(char), u_princ_size, KTFILEP(id))) { - error = KRB5_KT_END; - goto fail; + if (!fread(princ->data, sizeof(char), u_princ_size, KTFILEP(id))) { + error = KRB5_KT_END; + goto fail; } - princ->data[princ_size] = 0; /* Null terminate */ + princ->data[princ_size] = 0; /* Null terminate */ } /* read in the principal type, if we can get it */ if (KTVERSION(id) != KRB5_KT_VNO_1) { - if (!fread(&ret_entry->principal->type, - sizeof(ret_entry->principal->type), 1, KTFILEP(id))) { - error = KRB5_KT_END; - goto fail; - } - ret_entry->principal->type = ntohl(ret_entry->principal->type); - } - + if (!fread(&ret_entry->principal->type, + sizeof(ret_entry->principal->type), 1, KTFILEP(id))) { + error = KRB5_KT_END; + goto fail; + } + ret_entry->principal->type = ntohl(ret_entry->principal->type); + } + /* read in the timestamp */ if (!fread(&ret_entry->timestamp, sizeof(ret_entry->timestamp), 1, KTFILEP(id))) { - error = KRB5_KT_END; - goto fail; + error = KRB5_KT_END; + goto fail; } if (KTVERSION(id) != KRB5_KT_VNO_1) - ret_entry->timestamp = ntohl(ret_entry->timestamp); - + ret_entry->timestamp = ntohl(ret_entry->timestamp); + /* read in the version number */ if (!fread(&vno, sizeof(vno), 1, KTFILEP(id))) { - error = KRB5_KT_END; - goto fail; + error = KRB5_KT_END; + goto fail; } ret_entry->vno = (krb5_kvno)vno; - + /* key type */ if (!fread(&enctype, sizeof(enctype), 1, KTFILEP(id))) { - error = KRB5_KT_END; - goto fail; + error = KRB5_KT_END; + goto fail; } ret_entry->key.enctype = (krb5_enctype)enctype; if (KTVERSION(id) != KRB5_KT_VNO_1) - ret_entry->key.enctype = ntohs(ret_entry->key.enctype); - + ret_entry->key.enctype = ntohs(ret_entry->key.enctype); + /* key contents */ ret_entry->key.magic = KV5M_KEYBLOCK; - + if (!fread(&count, sizeof(count), 1, KTFILEP(id))) { - error = KRB5_KT_END; - goto fail; + error = KRB5_KT_END; + goto fail; } if (KTVERSION(id) != KRB5_KT_VNO_1) - count = ntohs(count); + count = ntohs(count); if (!count || (count < 0)) { - error = KRB5_KT_END; - goto fail; + error = KRB5_KT_END; + goto fail; } u_count = count; ret_entry->key.length = u_count; - + ret_entry->key.contents = (krb5_octet *)malloc(u_count); if (!ret_entry->key.contents) { - error = ENOMEM; - goto fail; - } + error = ENOMEM; + goto fail; + } if (!fread(ret_entry->key.contents, sizeof(krb5_octet), count, - KTFILEP(id))) { - error = KRB5_KT_END; - goto fail; + KTFILEP(id))) { + error = KRB5_KT_END; + goto fail; } /* * Reposition file pointer to the next inter-record length field. */ if (fseek(KTFILEP(id), start_pos + size, SEEK_SET) == -1) { - error = errno; - goto fail; + error = errno; + goto fail; } return 0; fail: - + for (i = 0; i < krb5_princ_size(context, ret_entry->principal); i++) { - princ = krb5_princ_component(context, ret_entry->principal, i); - if (princ->data) - free(princ->data); + princ = krb5_princ_component(context, ret_entry->principal, i); + if (princ->data) + free(princ->data); } free(ret_entry->principal->data); ret_entry->principal->data = 0; @@ -1466,10 +1467,10 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent krb5_int16 count, size, enctype; krb5_error_code retval = 0; krb5_timestamp timestamp; - krb5_int32 princ_type; + krb5_int32 princ_type; krb5_int32 size_needed; krb5_int32 commit_point = -1; - int i; + int i; KTCHECKLOCK(id); retval = krb5_ktfileint_size_entry(context, entry, &size_needed); @@ -1487,50 +1488,50 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent } if (KTVERSION(id) == KRB5_KT_VNO_1) { - count = (krb5_int16) krb5_princ_size(context, entry->principal) + 1; + count = (krb5_int16) krb5_princ_size(context, entry->principal) + 1; } else { - count = htons((u_short) krb5_princ_size(context, entry->principal)); + count = htons((u_short) krb5_princ_size(context, entry->principal)); } - + if (!fwrite(&count, sizeof(count), 1, KTFILEP(id))) { abend: - return KRB5_KT_IOERR; + return KRB5_KT_IOERR; } size = krb5_princ_realm(context, entry->principal)->length; if (KTVERSION(id) != KRB5_KT_VNO_1) - size = htons(size); + size = htons(size); if (!fwrite(&size, sizeof(size), 1, KTFILEP(id))) { - goto abend; + goto abend; } if (!fwrite(krb5_princ_realm(context, entry->principal)->data, sizeof(char), - krb5_princ_realm(context, entry->principal)->length, KTFILEP(id))) { - goto abend; + krb5_princ_realm(context, entry->principal)->length, KTFILEP(id))) { + goto abend; } count = (krb5_int16) krb5_princ_size(context, entry->principal); for (i = 0; i < count; i++) { - princ = krb5_princ_component(context, entry->principal, i); - size = princ->length; - if (KTVERSION(id) != KRB5_KT_VNO_1) - size = htons(size); - if (!fwrite(&size, sizeof(size), 1, KTFILEP(id))) { - goto abend; - } - if (!fwrite(princ->data, sizeof(char), princ->length, KTFILEP(id))) { - goto abend; - } + princ = krb5_princ_component(context, entry->principal, i); + size = princ->length; + if (KTVERSION(id) != KRB5_KT_VNO_1) + size = htons(size); + if (!fwrite(&size, sizeof(size), 1, KTFILEP(id))) { + goto abend; + } + if (!fwrite(princ->data, sizeof(char), princ->length, KTFILEP(id))) { + goto abend; + } } /* * Write out the principal type */ if (KTVERSION(id) != KRB5_KT_VNO_1) { - princ_type = htonl(krb5_princ_type(context, entry->principal)); - if (!fwrite(&princ_type, sizeof(princ_type), 1, KTFILEP(id))) { - goto abend; - } + princ_type = htonl(krb5_princ_type(context, entry->principal)); + if (!fwrite(&princ_type, sizeof(princ_type), 1, KTFILEP(id))) { + goto abend; + } } - + /* * Fill in the time of day the entry was written to the keytab. */ @@ -1538,41 +1539,41 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent entry->timestamp = 0; } if (KTVERSION(id) == KRB5_KT_VNO_1) - timestamp = entry->timestamp; + timestamp = entry->timestamp; else - timestamp = htonl(entry->timestamp); + timestamp = htonl(entry->timestamp); if (!fwrite(×tamp, sizeof(timestamp), 1, KTFILEP(id))) { - goto abend; + goto abend; } - + /* key version number */ vno = (krb5_octet)entry->vno; if (!fwrite(&vno, sizeof(vno), 1, KTFILEP(id))) { - goto abend; + goto abend; } /* key type */ if (KTVERSION(id) == KRB5_KT_VNO_1) - enctype = entry->key.enctype; + enctype = entry->key.enctype; else - enctype = htons(entry->key.enctype); + enctype = htons(entry->key.enctype); if (!fwrite(&enctype, sizeof(enctype), 1, KTFILEP(id))) { - goto abend; + goto abend; } /* key length */ if (KTVERSION(id) == KRB5_KT_VNO_1) - size = entry->key.length; + size = entry->key.length; else - size = htons(entry->key.length); + size = htons(entry->key.length); if (!fwrite(&size, sizeof(size), 1, KTFILEP(id))) { - goto abend; + goto abend; } if (!fwrite(entry->key.contents, sizeof(krb5_octet), - entry->key.length, KTFILEP(id))) { - goto abend; - } + entry->key.length, KTFILEP(id))) { + goto abend; + } if (fflush(KTFILEP(id))) - goto abend; + goto abend; retval = krb5_sync_disk_file(context, KTFILEP(id)); @@ -1584,12 +1585,12 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent return errno; } if (KTVERSION(id) != KRB5_KT_VNO_1) - size_needed = htonl(size_needed); + size_needed = htonl(size_needed); if (!fwrite(&size_needed, sizeof(size_needed), 1, KTFILEP(id))) { goto abend; } if (fflush(KTFILEP(id))) - goto abend; + goto abend; retval = krb5_sync_disk_file(context, KTFILEP(id)); return retval; @@ -1607,13 +1608,13 @@ krb5_ktfileint_size_entry(krb5_context context, krb5_keytab_entry *entry, krb5_i krb5_error_code retval = 0; count = (krb5_int16) krb5_princ_size(context, entry->principal); - + total_size = sizeof(count); total_size += krb5_princ_realm(context, entry->principal)->length + (sizeof(krb5_int16)); - + for (i = 0; i < count; i++) { - total_size += krb5_princ_component(context, entry->principal,i)->length - + (sizeof(krb5_int16)); + total_size += krb5_princ_component(context, entry->principal,i)->length + + (sizeof(krb5_int16)); } total_size += sizeof(entry->principal->type); @@ -1636,7 +1637,7 @@ krb5_ktfileint_size_entry(krb5_context context, krb5_keytab_entry *entry, krb5_i * The size_needed argument may be adjusted if we find a hole that is * larger than the size needed. (Recall that size_needed will be used * to commit the write, but that this field must indicate the size of the - * block in the file rather than the size of the actual entry) + * block in the file rather than the size of the actual entry) */ static krb5_error_code krb5_ktfileint_find_slot(krb5_context context, krb5_keytab id, krb5_int32 *size_needed, krb5_int32 *commit_point_ptr) @@ -1655,56 +1656,55 @@ krb5_ktfileint_find_slot(krb5_context context, krb5_keytab id, krb5_int32 *size_ for (;;) { commit_point = ftell(fp); - if (commit_point == -1) - return errno; + if (commit_point == -1) + return errno; if (!fread(&size, sizeof(size), 1, fp)) { /* Hit the end of file, reserve this slot. */ /* Necessary to avoid a later fseek failing on Solaris 10. */ - if (fseek(fp, 0, SEEK_CUR)) - return errno; - /* htonl(0) is 0, so no need to worry about byte order */ + if (fseek(fp, 0, SEEK_CUR)) + return errno; + /* htonl(0) is 0, so no need to worry about byte order */ size = 0; if (!fwrite(&size, sizeof(size), 1, fp)) return errno; break; } - if (KTVERSION(id) != KRB5_KT_VNO_1) - size = ntohl(size); + if (KTVERSION(id) != KRB5_KT_VNO_1) + size = ntohl(size); if (size > 0) { - /* Non-empty record; seek past it. */ + /* Non-empty record; seek past it. */ if (fseek(fp, size, SEEK_CUR)) return errno; - } else if (size < 0) { - /* Empty record; use if it's big enough, seek past otherwise. */ - size = -size; + } else if (size < 0) { + /* Empty record; use if it's big enough, seek past otherwise. */ + size = -size; if (size >= *size_needed) { *size_needed = size; - break; - } else { + break; + } else { if (fseek(fp, size, SEEK_CUR)) return errno; - } - } else { - /* Empty record at end of file; use it. */ - /* Ensure the new record will be followed by another 0. */ - zero_point = ftell(fp); - if (zero_point == -1) - return errno; - if (fseek(fp, *size_needed, SEEK_CUR)) - return errno; - /* htonl(0) is 0, so no need to worry about byte order */ + } + } else { + /* Empty record at end of file; use it. */ + /* Ensure the new record will be followed by another 0. */ + zero_point = ftell(fp); + if (zero_point == -1) + return errno; + if (fseek(fp, *size_needed, SEEK_CUR)) + return errno; + /* htonl(0) is 0, so no need to worry about byte order */ if (!fwrite(&size, sizeof(size), 1, fp)) return errno; - if (fseek(fp, zero_point, SEEK_SET)) - return errno; - break; - } + if (fseek(fp, zero_point, SEEK_SET)) + return errno; + break; + } } *commit_point_ptr = commit_point; return 0; } #endif /* LEAN_CLIENT */ - diff --git a/src/lib/krb5/keytab/kt_memory.c b/src/lib/krb5/keytab/kt_memory.c index b78e7064c..d58ffee5c 100644 --- a/src/lib/krb5/keytab/kt_memory.c +++ b/src/lib/krb5/keytab/kt_memory.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * lib/krb5/keytab/kt_memory.c * @@ -42,15 +43,15 @@ * Constants */ -/* +/* * Types */ -/* From krb5.h: +/* From krb5.h: * typedef struct krb5_keytab_entry_st { * krb5_magic magic; * krb5_principal principal; principal of this key - * krb5_timestamp timestamp; time entry written to keytable - * krb5_kvno vno; key version number + * krb5_timestamp timestamp; time entry written to keytable + * krb5_kvno vno; key version number * krb5_keyblock key; the secret key *} krb5_keytab_entry; */ @@ -63,10 +64,10 @@ typedef struct _krb5_mkt_link { /* Per-keytab data header */ typedef struct _krb5_mkt_data { - char *name; /* Name of the keytab */ - k5_mutex_t lock; /* Thread-safety - all but link */ - krb5_int32 refcount; - krb5_mkt_cursor link; + char *name; /* Name of the keytab */ + k5_mutex_t lock; /* Thread-safety - all but link */ + krb5_int32 refcount; + krb5_mkt_cursor link; } krb5_mkt_data; /* List of memory key tables */ @@ -80,8 +81,8 @@ typedef struct _krb5_mkt_ptcursor_data { struct _krb5_mkt_list_node *cur; } krb5_mkt_ptcursor_data; -/* - * Globals +/* + * Globals */ static krb5_mkt_list_node * krb5int_mkt_list = NULL; static k5_mutex_t krb5int_mkt_mutex = K5_MUTEX_PARTIAL_INITIALIZER; @@ -103,55 +104,55 @@ static k5_mutex_t krb5int_mkt_mutex = K5_MUTEX_PARTIAL_INITIALIZER; extern const struct _krb5_kt_ops krb5_mkt_ops; -krb5_error_code KRB5_CALLCONV krb5_mkt_resolve - (krb5_context, - const char *, - krb5_keytab *); - -krb5_error_code KRB5_CALLCONV krb5_mkt_get_name - (krb5_context, - krb5_keytab, - char *, - unsigned int); - -krb5_error_code KRB5_CALLCONV krb5_mkt_close - (krb5_context, - krb5_keytab); - -krb5_error_code KRB5_CALLCONV krb5_mkt_get_entry - (krb5_context, - krb5_keytab, - krb5_const_principal, - krb5_kvno, - krb5_enctype, - krb5_keytab_entry *); - -krb5_error_code KRB5_CALLCONV krb5_mkt_start_seq_get - (krb5_context, - krb5_keytab, - krb5_kt_cursor *); - -krb5_error_code KRB5_CALLCONV krb5_mkt_get_next - (krb5_context, - krb5_keytab, - krb5_keytab_entry *, - krb5_kt_cursor *); - -krb5_error_code KRB5_CALLCONV krb5_mkt_end_get - (krb5_context, - krb5_keytab, - krb5_kt_cursor *); +krb5_error_code KRB5_CALLCONV krb5_mkt_resolve +(krb5_context, + const char *, + krb5_keytab *); + +krb5_error_code KRB5_CALLCONV krb5_mkt_get_name +(krb5_context, + krb5_keytab, + char *, + unsigned int); + +krb5_error_code KRB5_CALLCONV krb5_mkt_close +(krb5_context, + krb5_keytab); + +krb5_error_code KRB5_CALLCONV krb5_mkt_get_entry +(krb5_context, + krb5_keytab, + krb5_const_principal, + krb5_kvno, + krb5_enctype, + krb5_keytab_entry *); + +krb5_error_code KRB5_CALLCONV krb5_mkt_start_seq_get +(krb5_context, + krb5_keytab, + krb5_kt_cursor *); + +krb5_error_code KRB5_CALLCONV krb5_mkt_get_next +(krb5_context, + krb5_keytab, + krb5_keytab_entry *, + krb5_kt_cursor *); + +krb5_error_code KRB5_CALLCONV krb5_mkt_end_get +(krb5_context, + krb5_keytab, + krb5_kt_cursor *); /* routines to be included on extended version (write routines) */ -krb5_error_code KRB5_CALLCONV krb5_mkt_add - (krb5_context, - krb5_keytab, - krb5_keytab_entry *); +krb5_error_code KRB5_CALLCONV krb5_mkt_add +(krb5_context, + krb5_keytab, + krb5_keytab_entry *); -krb5_error_code KRB5_CALLCONV krb5_mkt_remove - (krb5_context, - krb5_keytab, - krb5_keytab_entry *); +krb5_error_code KRB5_CALLCONV krb5_mkt_remove +(krb5_context, + krb5_keytab, + krb5_keytab_entry *); int krb5int_mkt_initialize(void) { return k5_mutex_finish_init(&krb5int_mkt_mutex); @@ -164,33 +165,33 @@ void krb5int_mkt_finalize(void) { k5_mutex_destroy(&krb5int_mkt_mutex); for (node = krb5int_mkt_list; node; node = next_node) { - next_node = node->next; + next_node = node->next; - /* destroy the contents of node->keytab */ - free(KTNAME(node->keytab)); + /* destroy the contents of node->keytab */ + free(KTNAME(node->keytab)); - /* free the keytab entries */ - for (cursor = KTLINK(node->keytab); cursor; cursor = next_cursor) { - next_cursor = cursor->next; - /* the call to krb5_kt_free_entry uses a NULL in place of the - * krb5_context since we know that the context isn't used by - * krb5_kt_free_entry or krb5_free_principal. */ - krb5_kt_free_entry(NULL, cursor->entry); - free(cursor->entry); - free(cursor); - } + /* free the keytab entries */ + for (cursor = KTLINK(node->keytab); cursor; cursor = next_cursor) { + next_cursor = cursor->next; + /* the call to krb5_kt_free_entry uses a NULL in place of the + * krb5_context since we know that the context isn't used by + * krb5_kt_free_entry or krb5_free_principal. */ + krb5_kt_free_entry(NULL, cursor->entry); + free(cursor->entry); + free(cursor); + } - /* destroy the lock */ - k5_mutex_destroy(&(((krb5_mkt_data *)node->keytab->data)->lock)); + /* destroy the lock */ + k5_mutex_destroy(&(((krb5_mkt_data *)node->keytab->data)->lock)); - /* free the private data */ - free(node->keytab->data); + /* free the private data */ + free(node->keytab->data); - /* and the keytab */ - free(node->keytab); + /* and the keytab */ + free(node->keytab); - /* and finally the node */ - free(node); + /* and finally the node */ + free(node); } } @@ -205,34 +206,34 @@ create_list_node(const char *name, krb5_mkt_list_node **listp) list = calloc(1, sizeof(krb5_mkt_list_node)); if (list == NULL) { - err = ENOMEM; - goto cleanup; + err = ENOMEM; + goto cleanup; } list->keytab = calloc(1, sizeof(struct _krb5_kt)); if (list->keytab == NULL) { - err = ENOMEM; - goto cleanup; + err = ENOMEM; + goto cleanup; } list->keytab->ops = &krb5_mkt_ops; data = calloc(1, sizeof(krb5_mkt_data)); if (data == NULL) { - err = ENOMEM; - goto cleanup; + err = ENOMEM; + goto cleanup; } data->link = NULL; data->refcount = 0; data->name = strdup(name); if (data->name == NULL) { - err = ENOMEM; - goto cleanup; + err = ENOMEM; + goto cleanup; } err = k5_mutex_init(&data->lock); if (err) - goto cleanup; + goto cleanup; list->keytab->data = data; list->keytab->magic = KV5M_KEYTAB; @@ -243,20 +244,20 @@ create_list_node(const char *name, krb5_mkt_list_node **listp) cleanup: /* data->lock was initialized last, so no need to destroy. */ if (data) - free(data->name); + free(data->name); free(data); if (list) - free(list->keytab); + free(list->keytab); free(list); return err; } /* - * This is an implementation specific resolver. It returns a keytab + * This is an implementation specific resolver. It returns a keytab * initialized with memory keytab routines. */ -krb5_error_code KRB5_CALLCONV +krb5_error_code KRB5_CALLCONV krb5_mkt_resolve(krb5_context context, const char *name, krb5_keytab *id) { krb5_mkt_list_node *list; @@ -267,29 +268,29 @@ krb5_mkt_resolve(krb5_context context, const char *name, krb5_keytab *id) /* First determine if a memory keytab of this name already exists */ err = KTGLOCK; if (err) - return err; + return err; for (list = krb5int_mkt_list; list; list = list->next) { - if (strcmp(name,KTNAME(list->keytab)) == 0) - break; + if (strcmp(name,KTNAME(list->keytab)) == 0) + break; } if (!list) { - /* We will now create the new key table with the specified name. - * We do not drop the global lock, therefore the name will indeed - * be unique when we add it. - */ - err = create_list_node(name, &list); - if (err) - goto done; - list->next = krb5int_mkt_list; - krb5int_mkt_list = list; + /* We will now create the new key table with the specified name. + * We do not drop the global lock, therefore the name will indeed + * be unique when we add it. + */ + err = create_list_node(name, &list); + if (err) + goto done; + list->next = krb5int_mkt_list; + krb5int_mkt_list = list; } /* Increment the reference count on the keytab we found or created. */ err = KTLOCK(list->keytab); if (err) - goto done; + goto done; KTREFCNT(list->keytab)++; KTUNLOCK(list->keytab); *id = list->keytab; @@ -306,7 +307,7 @@ done: * a memory keytab shouldn't either. */ -krb5_error_code KRB5_CALLCONV +krb5_error_code KRB5_CALLCONV krb5_mkt_close(krb5_context context, krb5_keytab id) { krb5_mkt_list_node **listp; @@ -319,71 +320,71 @@ krb5_mkt_close(krb5_context context, krb5_keytab id) /* First determine if a memory keytab of this name already exists */ err = KTGLOCK; if (err) - return(err); - + return(err); + for (listp = &krb5int_mkt_list; *listp; listp = &((*listp)->next)) { - if (id == (*listp)->keytab) { - /* Found */ - break; - } + if (id == (*listp)->keytab) { + /* Found */ + break; + } } if (*listp == NULL) { - /* The specified keytab could not be found */ - err = KRB5_KT_NOTFOUND; - goto done; + /* The specified keytab could not be found */ + err = KRB5_KT_NOTFOUND; + goto done; } /* reduce the refcount and return */ err = KTLOCK(id); if (err) - goto done; + goto done; KTREFCNT(id)--; KTUNLOCK(id); #ifdef HEIMDAL_COMPATIBLE - /* In Heimdal if the refcount hits 0, the MEMORY keytab is + /* In Heimdal if the refcount hits 0, the MEMORY keytab is * destroyed since there is no krb5_kt_destroy function. - * There is no need to lock the entry while performing + * There is no need to lock the entry while performing * these operations as the refcount will be 0 and we are * holding the global lock. */ data = (krb5_mkt_data *)id->data; if (data->refcount == 0) { - krb5_mkt_cursor cursor, next_cursor; + krb5_mkt_cursor cursor, next_cursor; - node = *listp; - *listp = node->next; + node = *listp; + *listp = node->next; - /* destroy the contents of node->keytab (aka id) */ - free(data->name); + /* destroy the contents of node->keytab (aka id) */ + free(data->name); - /* free the keytab entries */ - for (cursor = KTLINK(node->keytab); cursor; cursor = next_cursor) { - next_cursor = cursor->next; + /* free the keytab entries */ + for (cursor = KTLINK(node->keytab); cursor; cursor = next_cursor) { + next_cursor = cursor->next; - krb5_kt_free_entry(context, cursor->entry); - free(cursor->entry); - free(cursor); - } + krb5_kt_free_entry(context, cursor->entry); + free(cursor->entry); + free(cursor); + } - /* destroy the lock */ - k5_mutex_destroy(&(data->lock)); + /* destroy the lock */ + k5_mutex_destroy(&(data->lock)); - /* free the private data */ - free(data); + /* free the private data */ + free(data); - /* and the keytab */ - free(node->keytab); + /* and the keytab */ + free(node->keytab); - /* and finally the node */ - free(node); + /* and finally the node */ + free(node); } #endif /* HEIMDAL_COMPATIBLE */ - done: +done: KTGUNLOCK; return(err); } @@ -395,8 +396,8 @@ krb5_mkt_close(krb5_context context, krb5_keytab id) krb5_error_code KRB5_CALLCONV krb5_mkt_get_entry(krb5_context context, krb5_keytab id, - krb5_const_principal principal, krb5_kvno kvno, - krb5_enctype enctype, krb5_keytab_entry *out_entry) + krb5_const_principal principal, krb5_kvno kvno, + krb5_enctype enctype, krb5_keytab_entry *out_entry) { krb5_mkt_cursor cursor; krb5_keytab_entry *entry, *match = NULL; @@ -406,67 +407,67 @@ krb5_mkt_get_entry(krb5_context context, krb5_keytab id, err = KTLOCK(id); if (err) - return err; + return err; for (cursor = KTLINK(id); cursor && cursor->entry; cursor = cursor->next) { - entry = cursor->entry; - - /* if the principal isn't the one requested, continue to the next. */ - - if (!krb5_principal_compare(context, principal, entry->principal)) - continue; - - /* if the enctype is not ignored and doesn't match, - and continue to the next */ - if (enctype != IGNORE_ENCTYPE) { - if ((err = krb5_c_enctype_compare(context, enctype, - entry->key.enctype, - &similar))) { - /* we can't determine the enctype of the entry */ - continue; - } - - if (!similar) - continue; - } - - if (kvno == IGNORE_VNO) { - if (match == NULL) - match = entry; - else if (entry->vno > match->vno) - match = entry; - } else { - if (entry->vno == kvno) { - match = entry; - break; - } else { - found_wrong_kvno++; - } - } + entry = cursor->entry; + + /* if the principal isn't the one requested, continue to the next. */ + + if (!krb5_principal_compare(context, principal, entry->principal)) + continue; + + /* if the enctype is not ignored and doesn't match, + and continue to the next */ + if (enctype != IGNORE_ENCTYPE) { + if ((err = krb5_c_enctype_compare(context, enctype, + entry->key.enctype, + &similar))) { + /* we can't determine the enctype of the entry */ + continue; + } + + if (!similar) + continue; + } + + if (kvno == IGNORE_VNO) { + if (match == NULL) + match = entry; + else if (entry->vno > match->vno) + match = entry; + } else { + if (entry->vno == kvno) { + match = entry; + break; + } else { + found_wrong_kvno++; + } + } } /* if we found an entry that matches, ... */ - if (match) { - out_entry->magic = match->magic; - out_entry->timestamp = match->timestamp; - out_entry->vno = match->vno; - out_entry->key = match->key; - err = krb5_copy_keyblock_contents(context, &(match->key), - &(out_entry->key)); - /* - * Coerce the enctype of the output keyblock in case we - * got an inexact match on the enctype. - */ - if(enctype != IGNORE_ENCTYPE) - out_entry->key.enctype = enctype; - if(!err) { - err = krb5_copy_principal(context, - match->principal, - &(out_entry->principal)); - } + if (match) { + out_entry->magic = match->magic; + out_entry->timestamp = match->timestamp; + out_entry->vno = match->vno; + out_entry->key = match->key; + err = krb5_copy_keyblock_contents(context, &(match->key), + &(out_entry->key)); + /* + * Coerce the enctype of the output keyblock in case we + * got an inexact match on the enctype. + */ + if(enctype != IGNORE_ENCTYPE) + out_entry->key.enctype = enctype; + if(!err) { + err = krb5_copy_principal(context, + match->principal, + &(out_entry->principal)); + } } else { - if (!err) - err = found_wrong_kvno ? KRB5_KT_KVNONOTFOUND : KRB5_KT_NOTFOUND; + if (!err) + err = found_wrong_kvno ? KRB5_KT_KVNONOTFOUND : KRB5_KT_NOTFOUND; } KTUNLOCK(id); @@ -485,7 +486,7 @@ krb5_mkt_get_name(krb5_context context, krb5_keytab id, char *name, unsigned int memset(name, 0, len); result = snprintf(name, len, "%s:%s", id->ops->prefix, KTNAME(id)); if (SNPRINTF_OVERFLOW(result, len)) - return(KRB5_KT_NAME_TOOLONG); + return(KRB5_KT_NAME_TOOLONG); return(0); } @@ -500,7 +501,7 @@ krb5_mkt_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cur err = KTLOCK(id); if (err) - return(err); + return(err); *cursorp = (krb5_kt_cursor)KTLINK(id); KTUNLOCK(id); @@ -512,7 +513,7 @@ krb5_mkt_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cur * krb5_mkt_get_next() */ -krb5_error_code KRB5_CALLCONV +krb5_error_code KRB5_CALLCONV krb5_mkt_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry, krb5_kt_cursor *cursor) { krb5_mkt_cursor mkt_cursor = (krb5_mkt_cursor)*cursor; @@ -520,24 +521,24 @@ krb5_mkt_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry err = KTLOCK(id); if (err) - return err; + return err; if (mkt_cursor == NULL) { - KTUNLOCK(id); - return KRB5_KT_END; + KTUNLOCK(id); + return KRB5_KT_END; } entry->magic = mkt_cursor->entry->magic; entry->timestamp = mkt_cursor->entry->timestamp; entry->vno = mkt_cursor->entry->vno; - entry->key = mkt_cursor->entry->key; - err = krb5_copy_keyblock_contents(context, &(mkt_cursor->entry->key), - &(entry->key)); - if (!err) - err = krb5_copy_principal(context, mkt_cursor->entry->principal, - &(entry->principal)); + entry->key = mkt_cursor->entry->key; + err = krb5_copy_keyblock_contents(context, &(mkt_cursor->entry->key), + &(entry->key)); + if (!err) + err = krb5_copy_principal(context, mkt_cursor->entry->principal, + &(entry->principal)); if (!err) - *cursor = (krb5_kt_cursor *)mkt_cursor->next; + *cursor = (krb5_kt_cursor *)mkt_cursor->next; KTUNLOCK(id); return(err); } @@ -546,7 +547,7 @@ krb5_mkt_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry * krb5_mkt_end_get() */ -krb5_error_code KRB5_CALLCONV +krb5_error_code KRB5_CALLCONV krb5_mkt_end_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor) { *cursor = NULL; @@ -558,7 +559,7 @@ krb5_mkt_end_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor) * krb5_mkt_add() */ -krb5_error_code KRB5_CALLCONV +krb5_error_code KRB5_CALLCONV krb5_mkt_add(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) { krb5_error_code err = 0; @@ -566,47 +567,47 @@ krb5_mkt_add(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) err = KTLOCK(id); if (err) - return err; + return err; cursor = (krb5_mkt_cursor)malloc(sizeof(krb5_mkt_link)); if (cursor == NULL) { - err = ENOMEM; - goto done; + err = ENOMEM; + goto done; } cursor->entry = (krb5_keytab_entry *)malloc(sizeof(krb5_keytab_entry)); if (cursor->entry == NULL) { - free(cursor); - err = ENOMEM; - goto done; + free(cursor); + err = ENOMEM; + goto done; } cursor->entry->magic = entry->magic; cursor->entry->timestamp = entry->timestamp; cursor->entry->vno = entry->vno; - err = krb5_copy_keyblock_contents(context, &(entry->key), - &(cursor->entry->key)); + err = krb5_copy_keyblock_contents(context, &(entry->key), + &(cursor->entry->key)); if (err) { - free(cursor->entry); - free(cursor); - goto done; + free(cursor->entry); + free(cursor); + goto done; } err = krb5_copy_principal(context, entry->principal, &(cursor->entry->principal)); if (err) { - krb5_free_keyblock_contents(context, &(cursor->entry->key)); - free(cursor->entry); - free(cursor); - goto done; + krb5_free_keyblock_contents(context, &(cursor->entry->key)); + free(cursor->entry); + free(cursor); + goto done; } if (KTLINK(id) == NULL) { - cursor->next = NULL; - KTLINK(id) = cursor; + cursor->next = NULL; + KTLINK(id) = cursor; } else { - cursor->next = KTLINK(id); - KTLINK(id) = cursor; + cursor->next = KTLINK(id); + KTLINK(id) = cursor; } - done: +done: KTUNLOCK(id); return err; } @@ -615,7 +616,7 @@ krb5_mkt_add(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) * krb5_mkt_remove() */ -krb5_error_code KRB5_CALLCONV +krb5_error_code KRB5_CALLCONV krb5_mkt_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) { krb5_mkt_cursor *pcursor, next; @@ -623,23 +624,23 @@ krb5_mkt_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) err = KTLOCK(id); if (err) - return err; + return err; if ( KTLINK(id) == NULL ) { - err = KRB5_KT_NOTFOUND; - goto done; + err = KRB5_KT_NOTFOUND; + goto done; } - + for ( pcursor = &KTLINK(id); *pcursor; pcursor = &(*pcursor)->next ) { - if ( (*pcursor)->entry->vno == entry->vno && - (*pcursor)->entry->key.enctype == entry->key.enctype && - krb5_principal_compare(context, (*pcursor)->entry->principal, entry->principal)) - break; + if ( (*pcursor)->entry->vno == entry->vno && + (*pcursor)->entry->key.enctype == entry->key.enctype && + krb5_principal_compare(context, (*pcursor)->entry->principal, entry->principal)) + break; } if (!*pcursor) { - err = KRB5_KT_NOTFOUND; - goto done; + err = KRB5_KT_NOTFOUND; + goto done; } krb5_kt_free_entry(context, (*pcursor)->entry); @@ -648,7 +649,7 @@ krb5_mkt_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) free(*pcursor); (*pcursor) = next; - done: +done: KTUNLOCK(id); return err; } @@ -660,9 +661,9 @@ krb5_mkt_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) const struct _krb5_kt_ops krb5_mkt_ops = { 0, - "MEMORY", /* Prefix -- this string should not appear anywhere else! */ + "MEMORY", /* Prefix -- this string should not appear anywhere else! */ krb5_mkt_resolve, - krb5_mkt_get_name, + krb5_mkt_get_name, krb5_mkt_close, krb5_mkt_get_entry, krb5_mkt_start_seq_get, @@ -674,4 +675,3 @@ const struct _krb5_kt_ops krb5_mkt_ops = { }; #endif /* LEAN_CLIENT */ - diff --git a/src/lib/krb5/keytab/kt_srvtab.c b/src/lib/krb5/keytab/kt_srvtab.c index 20ea3d755..a2e13040b 100644 --- a/src/lib/krb5/keytab/kt_srvtab.c +++ b/src/lib/krb5/keytab/kt_srvtab.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * lib/krb5/keytab/srvtab/kts_resolv.c * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -27,23 +28,23 @@ #include "k5-int.h" #include <stdio.h> -#ifndef LEAN_CLIENT +#ifndef LEAN_CLIENT /* * Constants */ -#define KRB5_KT_VNO_1 0x0501 /* krb v5, keytab version 1 (DCE compat) */ -#define KRB5_KT_VNO 0x0502 /* krb v5, keytab version 2 (standard) */ +#define KRB5_KT_VNO_1 0x0501 /* krb v5, keytab version 1 (DCE compat) */ +#define KRB5_KT_VNO 0x0502 /* krb v5, keytab version 2 (standard) */ #define KRB5_KT_DEFAULT_VNO KRB5_KT_VNO -/* +/* * Types */ typedef struct _krb5_ktsrvtab_data { - char *name; /* Name of the file */ - FILE *openf; /* open file, if any. */ + char *name; /* Name of the file */ + FILE *openf; /* open file, if any. */ } krb5_ktsrvtab_data; /* @@ -56,59 +57,59 @@ typedef struct _krb5_ktsrvtab_data { extern const struct _krb5_kt_ops krb5_kts_ops; static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_resolve - (krb5_context, - const char *, - krb5_keytab *); +(krb5_context, + const char *, + krb5_keytab *); static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_get_name - (krb5_context, - krb5_keytab, - char *, - unsigned int); +(krb5_context, + krb5_keytab, + char *, + unsigned int); static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_close - (krb5_context, - krb5_keytab); +(krb5_context, + krb5_keytab); static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_get_entry - (krb5_context, - krb5_keytab, - krb5_const_principal, - krb5_kvno, - krb5_enctype, - krb5_keytab_entry *); +(krb5_context, + krb5_keytab, + krb5_const_principal, + krb5_kvno, + krb5_enctype, + krb5_keytab_entry *); static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_start_seq_get - (krb5_context, - krb5_keytab, - krb5_kt_cursor *); +(krb5_context, + krb5_keytab, + krb5_kt_cursor *); static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_get_next - (krb5_context, - krb5_keytab, - krb5_keytab_entry *, - krb5_kt_cursor *); +(krb5_context, + krb5_keytab, + krb5_keytab_entry *, + krb5_kt_cursor *); static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_end_get - (krb5_context, - krb5_keytab, - krb5_kt_cursor *); +(krb5_context, + krb5_keytab, + krb5_kt_cursor *); static krb5_error_code krb5_ktsrvint_open - (krb5_context, - krb5_keytab); +(krb5_context, + krb5_keytab); static krb5_error_code krb5_ktsrvint_close - (krb5_context, - krb5_keytab); +(krb5_context, + krb5_keytab); -static krb5_error_code krb5_ktsrvint_read_entry - (krb5_context, - krb5_keytab, - krb5_keytab_entry *); +static krb5_error_code krb5_ktsrvint_read_entry +(krb5_context, + krb5_keytab, + krb5_keytab_entry *); /* - * This is an implementation specific resolver. It returns a keytab id + * This is an implementation specific resolver. It returns a keytab id * initialized with srvtab keytab routines. */ @@ -118,20 +119,20 @@ krb5_ktsrvtab_resolve(krb5_context context, const char *name, krb5_keytab *id) krb5_ktsrvtab_data *data; if ((*id = (krb5_keytab) malloc(sizeof(**id))) == NULL) - return(ENOMEM); - + return(ENOMEM); + (*id)->ops = &krb5_kts_ops; data = (krb5_ktsrvtab_data *)malloc(sizeof(krb5_ktsrvtab_data)); if (data == NULL) { - free(*id); - return(ENOMEM); + free(*id); + return(ENOMEM); } data->name = strdup(name); if (data->name == NULL) { - free(data); - free(*id); - return(ENOMEM); + free(data); + free(*id); + return(ENOMEM); } data->openf = 0; @@ -148,13 +149,13 @@ krb5_ktsrvtab_resolve(krb5_context context, const char *name, krb5_keytab *id) krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_close(krb5_context context, krb5_keytab id) - /* - * This routine is responsible for freeing all memory allocated - * for this keytab. There are no system resources that need - * to be freed nor are there any open files. - * - * This routine should undo anything done by krb5_ktsrvtab_resolve(). - */ +/* + * This routine is responsible for freeing all memory allocated + * for this keytab. There are no system resources that need + * to be freed nor are there any open files. + * + * This routine should undo anything done by krb5_ktsrvtab_resolve(). + */ { free(KTFILENAME(id)); free(id->data); @@ -178,7 +179,7 @@ krb5_ktsrvtab_get_entry(krb5_context context, krb5_keytab id, krb5_const_princip /* Open the srvtab. */ if ((kerror = krb5_ktsrvint_open(context, id))) - return(kerror); + return(kerror); /* srvtab files only have DES_CBC_CRC keys. */ switch (enctype) { @@ -187,50 +188,50 @@ krb5_ktsrvtab_get_entry(krb5_context context, krb5_keytab id, krb5_const_princip case ENCTYPE_DES_CBC_MD4: case ENCTYPE_DES_CBC_RAW: case IGNORE_ENCTYPE: - break; + break; default: - return KRB5_KT_NOTFOUND; + return KRB5_KT_NOTFOUND; } best_entry.principal = 0; best_entry.vno = 0; best_entry.key.contents = 0; while ((kerror = krb5_ktsrvint_read_entry(context, id, &ent)) == 0) { - ent.key.enctype = enctype; - if (krb5_principal_compare(context, principal, ent.principal)) { - if (kvno == IGNORE_VNO) { - if (!best_entry.principal || (best_entry.vno < ent.vno)) { - krb5_kt_free_entry(context, &best_entry); - best_entry = ent; - } - } else { - if (ent.vno == kvno) { - best_entry = ent; - break; - } else { - found_wrong_kvno = 1; - } - } - } else { - krb5_kt_free_entry(context, &ent); - } + ent.key.enctype = enctype; + if (krb5_principal_compare(context, principal, ent.principal)) { + if (kvno == IGNORE_VNO) { + if (!best_entry.principal || (best_entry.vno < ent.vno)) { + krb5_kt_free_entry(context, &best_entry); + best_entry = ent; + } + } else { + if (ent.vno == kvno) { + best_entry = ent; + break; + } else { + found_wrong_kvno = 1; + } + } + } else { + krb5_kt_free_entry(context, &ent); + } } if (kerror == KRB5_KT_END) { - if (best_entry.principal) - kerror = 0; - else if (found_wrong_kvno) - kerror = KRB5_KT_KVNONOTFOUND; - else - kerror = KRB5_KT_NOTFOUND; + if (best_entry.principal) + kerror = 0; + else if (found_wrong_kvno) + kerror = KRB5_KT_KVNONOTFOUND; + else + kerror = KRB5_KT_NOTFOUND; } if (kerror) { - (void) krb5_ktsrvint_close(context, id); - krb5_kt_free_entry(context, &best_entry); - return kerror; + (void) krb5_ktsrvint_close(context, id); + krb5_kt_free_entry(context, &best_entry); + return kerror; } if ((kerror = krb5_ktsrvint_close(context, id)) != 0) { - krb5_kt_free_entry(context, &best_entry); - return kerror; + krb5_kt_free_entry(context, &best_entry); + return kerror; } *entry = best_entry; return 0; @@ -242,18 +243,18 @@ krb5_ktsrvtab_get_entry(krb5_context context, krb5_keytab id, krb5_const_princip krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_get_name(krb5_context context, krb5_keytab id, char *name, unsigned int len) - /* - * This routine returns the name of the name of the file associated with - * this srvtab-based keytab. The name is prefixed with PREFIX:, so that - * trt will happen if the name is passed back to resolve. - */ +/* + * This routine returns the name of the name of the file associated with + * this srvtab-based keytab. The name is prefixed with PREFIX:, so that + * trt will happen if the name is passed back to resolve. + */ { int result; memset(name, 0, len); result = snprintf(name, len, "%s:%s", id->ops->prefix, KTFILENAME(id)); if (SNPRINTF_OVERFLOW(result, len)) - return(KRB5_KT_NAME_TOOLONG); + return(KRB5_KT_NAME_TOOLONG); return(0); } @@ -268,11 +269,11 @@ krb5_ktsrvtab_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor long *fileoff; if ((retval = krb5_ktsrvint_open(context, id))) - return retval; + return retval; if (!(fileoff = (long *)malloc(sizeof(*fileoff)))) { - krb5_ktsrvint_close(context, id); - return ENOMEM; + krb5_ktsrvint_close(context, id); + return ENOMEM; } *fileoff = ftell(KTFILEP(id)); *cursorp = (krb5_kt_cursor)fileoff; @@ -292,9 +293,9 @@ krb5_ktsrvtab_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry * krb5_error_code kerror; if (fseek(KTFILEP(id), *fileoff, 0) == -1) - return KRB5_KT_END; + return KRB5_KT_END; if ((kerror = krb5_ktsrvint_read_entry(context, id, &cur_entry))) - return kerror; + return kerror; *fileoff = ftell(KTFILEP(id)); *entry = cur_entry; return 0; @@ -317,9 +318,9 @@ krb5_ktsrvtab_end_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *curs const struct _krb5_kt_ops krb5_kts_ops = { 0, - "SRVTAB", /* Prefix -- this string should not appear anywhere else! */ + "SRVTAB", /* Prefix -- this string should not appear anywhere else! */ krb5_ktsrvtab_resolve, - krb5_ktsrvtab_get_name, + krb5_ktsrvtab_get_name, krb5_ktsrvtab_close, krb5_ktsrvtab_get_entry, krb5_ktsrvtab_start_seq_get, @@ -344,7 +345,7 @@ const struct _krb5_kt_ops krb5_kts_ops = { * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -358,7 +359,7 @@ const struct _krb5_kt_ops krb5_kts_ops = { * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * * This function contains utilities for the srvtab based implementation * of the keytab. There are no public functions in this file. @@ -367,17 +368,17 @@ const struct _krb5_kt_ops krb5_kts_ops = { #include <stdio.h> #ifdef ANSI_STDIO -#define READ_MODE "rb" +#define READ_MODE "rb" #else -#define READ_MODE "r" +#define READ_MODE "r" #endif /* The maximum sizes for V4 aname, realm, sname, and instance +1 */ /* Taken from krb.h */ -#define ANAME_SZ 40 -#define REALM_SZ 40 -#define SNAME_SZ 40 -#define INST_SZ 40 +#define ANAME_SZ 40 +#define REALM_SZ 40 +#define SNAME_SZ 40 +#define INST_SZ 40 static krb5_error_code read_field(FILE *fp, char *s, int len) @@ -385,11 +386,11 @@ read_field(FILE *fp, char *s, int len) int c; while ((c = getc(fp)) != 0) { - if (c == EOF || len <= 1) - return KRB5_KT_END; - *s = c; - s++; - len--; + if (c == EOF || len <= 1) + return KRB5_KT_END; + *s = c; + s++; + len--; } *s = 0; return 0; @@ -400,7 +401,7 @@ krb5_ktsrvint_open(krb5_context context, krb5_keytab id) { KTFILEP(id) = fopen(KTFILENAME(id), READ_MODE); if (!KTFILEP(id)) - return errno; + return errno; set_cloexec_file(KTFILEP(id)); return 0; } @@ -409,7 +410,7 @@ krb5_error_code krb5_ktsrvint_close(krb5_context context, krb5_keytab id) { if (!KTFILEP(id)) - return 0; + return 0; (void) fclose(KTFILEP(id)); KTFILEP(id) = 0; return 0; @@ -428,18 +429,18 @@ krb5_ktsrvint_read_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry fp = KTFILEP(id); kerror = read_field(fp, name, sizeof(name)); if (kerror != 0) - return kerror; + return kerror; kerror = read_field(fp, instance, sizeof(instance)); if (kerror != 0) - return kerror; + return kerror; kerror = read_field(fp, realm, sizeof(realm)); if (kerror != 0) - return kerror; + return kerror; vno = getc(fp); if (vno == EOF) - return KRB5_KT_END; + return KRB5_KT_END; if (fread(key, 1, sizeof(key), fp) != sizeof(key)) - return KRB5_KT_END; + return KRB5_KT_END; /* Fill in ret_entry with the data we read. Everything maps well * except for the timestamp, which we don't have a value for. For @@ -447,9 +448,9 @@ krb5_ktsrvint_read_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry memset(ret_entry, 0, sizeof(*ret_entry)); ret_entry->magic = KV5M_KEYTAB_ENTRY; kerror = krb5_425_conv_principal(context, name, instance, realm, - &ret_entry->principal); + &ret_entry->principal); if (kerror != 0) - return kerror; + return kerror; ret_entry->vno = vno; ret_entry->timestamp = 0; ret_entry->key.enctype = ENCTYPE_DES_CBC_CRC; @@ -457,12 +458,11 @@ krb5_ktsrvint_read_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry ret_entry->key.length = sizeof(key); ret_entry->key.contents = malloc(sizeof(key)); if (!ret_entry->key.contents) { - krb5_free_principal(context, ret_entry->principal); - return ENOMEM; + krb5_free_principal(context, ret_entry->principal); + return ENOMEM; } memcpy(ret_entry->key.contents, key, sizeof(key)); return 0; } #endif /* LEAN_CLIENT */ - diff --git a/src/lib/krb5/keytab/ktadd.c b/src/lib/krb5/keytab/ktadd.c index 360dd64cd..10bb24649 100644 --- a/src/lib/krb5/keytab/ktadd.c +++ b/src/lib/krb5/keytab/ktadd.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * lib/krb5/keytab/ktadd.c * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,7 +23,7 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * * krb5_kt_add_entry() */ @@ -35,9 +36,8 @@ krb5_error_code KRB5_CALLCONV krb5_kt_add_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) { if (id->ops->add) - return (*id->ops->add)(context, id, entry); + return (*id->ops->add)(context, id, entry); else - return KRB5_KT_NOWRITE; + return KRB5_KT_NOWRITE; } #endif /* LEAN_CLIENT */ - diff --git a/src/lib/krb5/keytab/ktbase.c b/src/lib/krb5/keytab/ktbase.c index b99bee403..b88380e27 100644 --- a/src/lib/krb5/keytab/ktbase.c +++ b/src/lib/krb5/keytab/ktbase.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * lib/krb5/keytab/ktbase.c * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,7 +23,7 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * * Copyright 2007 by Secure Endpoints Inc. * @@ -91,12 +92,12 @@ int krb5int_kt_initialize(void) err = k5_mutex_finish_init(&kt_typehead_lock); if (err) - goto done; + goto done; err = krb5int_mkt_initialize(); if (err) - goto done; + goto done; - done: +done: return(err); } @@ -107,8 +108,8 @@ krb5int_kt_finalize(void) k5_mutex_destroy(&kt_typehead_lock); for (t = kt_typehead; t != &krb5_kt_typelist_file; t = t_next) { - t_next = t->next; - free((struct krb5_kt_typelist *)t); + t_next = t->next; + free((struct krb5_kt_typelist *)t); } krb5int_mkt_finalize(); @@ -129,16 +130,16 @@ krb5_kt_register(krb5_context context, const krb5_kt_ops *ops) err = k5_mutex_lock(&kt_typehead_lock); if (err) - return err; + return err; for (t = kt_typehead; t && strcmp(t->ops->prefix,ops->prefix);t = t->next) - ; + ; if (t) { - k5_mutex_unlock(&kt_typehead_lock); - return KRB5_KT_TYPE_EXISTS; + k5_mutex_unlock(&kt_typehead_lock); + return KRB5_KT_TYPE_EXISTS; } if (!(newt = (struct krb5_kt_typelist *) malloc(sizeof(*t)))) { - k5_mutex_unlock(&kt_typehead_lock); - return ENOMEM; + k5_mutex_unlock(&kt_typehead_lock); + return ENOMEM; } newt->next = kt_typehead; newt->ops = ops; @@ -172,7 +173,7 @@ krb5_kt_resolve (krb5_context context, const char *name, krb5_keytab *ktid) cp = strchr (name, ':'); if (!cp) - return (*krb5_kt_dfl_ops.resolve)(context, name, ktid); + return (*krb5_kt_dfl_ops.resolve)(context, name, ktid); pfxlen = cp - name; @@ -184,13 +185,13 @@ krb5_kt_resolve (krb5_context context, const char *name, krb5_keytab *ktid) resid = name; } else if (name[0] == '/') { - pfx = strdup("FILE"); - if (!pfx) - return ENOMEM; - resid = name; + pfx = strdup("FILE"); + if (!pfx) + return ENOMEM; + resid = name; } else { resid = name + pfxlen + 1; - + pfx = malloc (pfxlen+1); if (!pfx) return ENOMEM; @@ -203,19 +204,19 @@ krb5_kt_resolve (krb5_context context, const char *name, krb5_keytab *ktid) err = k5_mutex_lock(&kt_typehead_lock); if (err) - goto cleanup; + goto cleanup; tlist = kt_typehead; /* Don't need to hold the lock, since entries are never modified or removed once they're in the list. Just need to protect access to the list head variable itself. */ k5_mutex_unlock(&kt_typehead_lock); for (; tlist; tlist = tlist->next) { - if (strcmp (tlist->ops->prefix, pfx) == 0) { - err = (*tlist->ops->resolve)(context, resid, &id); - if (!err) - *ktid = id; - goto cleanup; - } + if (strcmp (tlist->ops->prefix, pfx) == 0) { + err = (*tlist->ops->resolve)(context, resid, &id); + if (!err) + *ktid = id; + goto cleanup; + } } err = KRB5_KT_UNKNOWN_TYPE; @@ -226,69 +227,69 @@ cleanup: /* * Routines to deal with externalizingt krb5_keytab. - * krb5_keytab_size(); - * krb5_keytab_externalize(); - * krb5_keytab_internalize(); + * krb5_keytab_size(); + * krb5_keytab_externalize(); + * krb5_keytab_internalize(); */ static krb5_error_code krb5_keytab_size - (krb5_context, krb5_pointer, size_t *); +(krb5_context, krb5_pointer, size_t *); static krb5_error_code krb5_keytab_externalize - (krb5_context, krb5_pointer, krb5_octet **, size_t *); +(krb5_context, krb5_pointer, krb5_octet **, size_t *); static krb5_error_code krb5_keytab_internalize - (krb5_context,krb5_pointer *, krb5_octet **, size_t *); +(krb5_context,krb5_pointer *, krb5_octet **, size_t *); /* * Serialization entry for this type. */ static const krb5_ser_entry krb5_keytab_ser_entry = { - KV5M_KEYTAB, /* Type */ - krb5_keytab_size, /* Sizer routine */ - krb5_keytab_externalize, /* Externalize routine */ - krb5_keytab_internalize /* Internalize routine */ + KV5M_KEYTAB, /* Type */ + krb5_keytab_size, /* Sizer routine */ + krb5_keytab_externalize, /* Externalize routine */ + krb5_keytab_internalize /* Internalize routine */ }; static krb5_error_code krb5_keytab_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep) { - krb5_error_code kret; - krb5_keytab keytab; - krb5_ser_handle shandle; + krb5_error_code kret; + krb5_keytab keytab; + krb5_ser_handle shandle; kret = EINVAL; if ((keytab = (krb5_keytab) arg) && - keytab->ops && - (shandle = (krb5_ser_handle) keytab->ops->serializer) && - shandle->sizer) - kret = (*shandle->sizer)(kcontext, arg, sizep); + keytab->ops && + (shandle = (krb5_ser_handle) keytab->ops->serializer) && + shandle->sizer) + kret = (*shandle->sizer)(kcontext, arg, sizep); return(kret); } static krb5_error_code krb5_keytab_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain) { - krb5_error_code kret; - krb5_keytab keytab; - krb5_ser_handle shandle; + krb5_error_code kret; + krb5_keytab keytab; + krb5_ser_handle shandle; kret = EINVAL; if ((keytab = (krb5_keytab) arg) && - keytab->ops && - (shandle = (krb5_ser_handle) keytab->ops->serializer) && - shandle->externalizer) - kret = (*shandle->externalizer)(kcontext, arg, buffer, lenremain); + keytab->ops && + (shandle = (krb5_ser_handle) keytab->ops->serializer) && + shandle->externalizer) + kret = (*shandle->externalizer)(kcontext, arg, buffer, lenremain); return(kret); } static krb5_error_code krb5_keytab_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain) { - krb5_error_code kret; - krb5_ser_handle shandle; + krb5_error_code kret; + krb5_ser_handle shandle; kret = EINVAL; if ((shandle = (krb5_ser_handle) krb5_kt_dfl_ops.serializer) && - shandle->internalizer) - kret = (*shandle->internalizer)(kcontext, argp, buffer, lenremain); + shandle->internalizer) + kret = (*shandle->internalizer)(kcontext, argp, buffer, lenremain); return(kret); } @@ -298,4 +299,3 @@ krb5_ser_keytab_init(krb5_context kcontext) return(krb5_register_serializer(kcontext, &krb5_keytab_ser_entry)); } #endif /* LEAN_CLIENT */ - diff --git a/src/lib/krb5/keytab/ktdefault.c b/src/lib/krb5/keytab/ktdefault.c index 3d7ee0946..7a4d68f1b 100644 --- a/src/lib/krb5/keytab/ktdefault.c +++ b/src/lib/krb5/keytab/ktdefault.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * lib/krb5/keytab/ktdefault.c * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,7 +23,7 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * * Get a default keytab. */ @@ -38,9 +39,8 @@ krb5_kt_default(krb5_context context, krb5_keytab *id) krb5_error_code retval; if ((retval = krb5_kt_default_name(context, defname, sizeof(defname)))) - return retval; + return retval; return krb5_kt_resolve(context, defname, id); } #endif /* LEAN_CLIENT */ - diff --git a/src/lib/krb5/keytab/ktfns.c b/src/lib/krb5/keytab/ktfns.c index 9239f3d16..3496c0964 100644 --- a/src/lib/krb5/keytab/ktfns.c +++ b/src/lib/krb5/keytab/ktfns.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * lib/krb5/keytab/ktfns.c * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -28,7 +29,7 @@ * Dispatch methods for keytab code. */ -#ifndef LEAN_CLIENT +#ifndef LEAN_CLIENT #include "k5-int.h" @@ -40,7 +41,7 @@ krb5_kt_get_type (krb5_context context, krb5_keytab keytab) krb5_error_code KRB5_CALLCONV krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name, - unsigned int namelen) + unsigned int namelen) { return krb5_x((keytab)->ops->get_name,(context, keytab,name,namelen)); } @@ -53,48 +54,47 @@ krb5_kt_close(krb5_context context, krb5_keytab keytab) krb5_error_code KRB5_CALLCONV krb5_kt_get_entry(krb5_context context, krb5_keytab keytab, - krb5_const_principal principal, krb5_kvno vno, - krb5_enctype enctype, krb5_keytab_entry *entry) + krb5_const_principal principal, krb5_kvno vno, + krb5_enctype enctype, krb5_keytab_entry *entry) { krb5_error_code err; krb5_principal_data princ_data; if (krb5_is_referral_realm(&principal->realm)) { - char *realm; - princ_data = *principal; - principal = &princ_data; - err = krb5_get_default_realm(context, &realm); - if (err) - return err; - princ_data.realm.data = realm; - princ_data.realm.length = strlen(realm); + char *realm; + princ_data = *principal; + principal = &princ_data; + err = krb5_get_default_realm(context, &realm); + if (err) + return err; + princ_data.realm.data = realm; + princ_data.realm.length = strlen(realm); } err = krb5_x((keytab)->ops->get,(context, keytab, principal, vno, enctype, - entry)); + entry)); if (principal == &princ_data) - krb5_free_default_realm(context, princ_data.realm.data); + krb5_free_default_realm(context, princ_data.realm.data); return err; } krb5_error_code KRB5_CALLCONV krb5_kt_start_seq_get(krb5_context context, krb5_keytab keytab, - krb5_kt_cursor *cursor) + krb5_kt_cursor *cursor) { return krb5_x((keytab)->ops->start_seq_get,(context, keytab, cursor)); } krb5_error_code KRB5_CALLCONV krb5_kt_next_entry(krb5_context context, krb5_keytab keytab, - krb5_keytab_entry *entry, krb5_kt_cursor *cursor) + krb5_keytab_entry *entry, krb5_kt_cursor *cursor) { return krb5_x((keytab)->ops->get_next,(context, keytab, entry, cursor)); } krb5_error_code KRB5_CALLCONV krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab, - krb5_kt_cursor *cursor) + krb5_kt_cursor *cursor) { return krb5_x((keytab)->ops->end_get,(context, keytab, cursor)); } #endif /* LEAN_CLIENT */ - diff --git a/src/lib/krb5/keytab/ktfr_entry.c b/src/lib/krb5/keytab/ktfr_entry.c index 9587efc63..8fdbda2fc 100644 --- a/src/lib/krb5/keytab/ktfr_entry.c +++ b/src/lib/krb5/keytab/ktfr_entry.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * lib/krb5/keytab/ktfr_entry.c * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,11 +23,11 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * * krb5_kt_free_entry() */ -#ifndef LEAN_CLIENT +#ifndef LEAN_CLIENT #include "k5-int.h" @@ -34,12 +35,12 @@ krb5_error_code KRB5_CALLCONV krb5_free_keytab_entry_contents (krb5_context context, krb5_keytab_entry *entry) { if (!entry) - return 0; - + return 0; + krb5_free_principal(context, entry->principal); if (entry->key.contents) { - zap((char *)entry->key.contents, entry->key.length); - free(entry->key.contents); + zap((char *)entry->key.contents, entry->key.length); + free(entry->key.contents); } return 0; } @@ -50,4 +51,3 @@ krb5_kt_free_entry (krb5_context context, krb5_keytab_entry *entry) return krb5_free_keytab_entry_contents (context, entry); } #endif /* LEAN_CLIENT */ - diff --git a/src/lib/krb5/keytab/ktremove.c b/src/lib/krb5/keytab/ktremove.c index 4ba6063f7..1ccefd842 100644 --- a/src/lib/krb5/keytab/ktremove.c +++ b/src/lib/krb5/keytab/ktremove.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * lib/krb5/keytab/ktremove.c * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,11 +23,11 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * * krb5_kt_remove_entry() */ -#ifndef LEAN_CLIENT +#ifndef LEAN_CLIENT #include "k5-int.h" @@ -34,9 +35,8 @@ krb5_error_code KRB5_CALLCONV krb5_kt_remove_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) { if (id->ops->remove) - return (*id->ops->remove)(context, id, entry); + return (*id->ops->remove)(context, id, entry); else - return KRB5_KT_NOWRITE; + return KRB5_KT_NOWRITE; } #endif /* LEAN_CLIENT */ - diff --git a/src/lib/krb5/keytab/read_servi.c b/src/lib/krb5/keytab/read_servi.c index 6638a5a92..0172edbb0 100644 --- a/src/lib/krb5/keytab/read_servi.c +++ b/src/lib/krb5/keytab/read_servi.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * lib/krb5/keytab/read_servi.c * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,25 +23,25 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * * - * This routine is designed to be passed to krb5_rd_req. + * + * This routine is designed to be passed to krb5_rd_req. * It is a convenience function that reads a key out of a keytab. - * It handles all of the opening and closing of the keytab - * internally. + * It handles all of the opening and closing of the keytab + * internally. */ -#ifndef LEAN_CLIENT +#ifndef LEAN_CLIENT #include "k5-int.h" #define KSUCCESS 0 /* - * effects: If keyprocarg is not NULL, it is taken to be the name of a - * keytab. Otherwise, the default keytab will be used. This - * routine opens the keytab and finds the principal associated with - * principal, vno, and enctype and returns the resulting key in *key - * or returning an error code if it is not found. + * effects: If keyprocarg is not NULL, it is taken to be the name of a + * keytab. Otherwise, the default keytab will be used. This + * routine opens the keytab and finds the principal associated with + * principal, vno, and enctype and returns the resulting key in *key + * or returning an error code if it is not found. * returns: Either KSUCCESS or error code. * errors: error code if not found or keyprocarg is invalid. */ @@ -51,28 +52,28 @@ krb5_kt_read_service_key(krb5_context context, krb5_pointer keyprocarg, krb5_pri char keytabname[MAX_KEYTAB_NAME_LEN + 1]; /* + 1 for NULL termination */ krb5_keytab id; krb5_keytab_entry entry; - + /* - * Get the name of the file that we should use. + * Get the name of the file that we should use. */ if (!keyprocarg) { - if ((kerror = krb5_kt_default_name(context, (char *)keytabname, - sizeof(keytabname) - 1))!= KSUCCESS) - return (kerror); + if ((kerror = krb5_kt_default_name(context, (char *)keytabname, + sizeof(keytabname) - 1))!= KSUCCESS) + return (kerror); } else { - memset(keytabname, 0, sizeof(keytabname)); - (void) strncpy(keytabname, (char *)keyprocarg, - sizeof(keytabname) - 1); + memset(keytabname, 0, sizeof(keytabname)); + (void) strncpy(keytabname, (char *)keyprocarg, + sizeof(keytabname) - 1); } if ((kerror = krb5_kt_resolve(context, (char *)keytabname, &id))) - return (kerror); + return (kerror); kerror = krb5_kt_get_entry(context, id, principal, vno, enctype, &entry); krb5_kt_close(context, id); if (kerror) - return(kerror); + return(kerror); krb5_copy_keyblock(context, &entry.key, key); @@ -81,4 +82,3 @@ krb5_kt_read_service_key(krb5_context context, krb5_pointer keyprocarg, krb5_pri return (KSUCCESS); } #endif /* LEAN_CLIENT */ - diff --git a/src/lib/krb5/keytab/t_keytab.c b/src/lib/krb5/keytab/t_keytab.c index d23502226..607ce9ffb 100644 --- a/src/lib/krb5/keytab/t_keytab.c +++ b/src/lib/krb5/keytab/t_keytab.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * lib/krb5/keytab/t_keytab.c * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,8 +23,8 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * - * + * + * * * A set of tests for the keytab interface */ @@ -45,410 +46,410 @@ extern const krb5_kt_ops krb5_ktf_writable_ops; #define KRB5_OK 0 -#define CHECK(kret,msg) \ - if (kret != KRB5_OK) {\ - com_err(msg, kret, ""); \ - fflush(stderr);\ - exit(1);\ - } else if(debug) printf("%s went ok\n", msg); +#define CHECK(kret,msg) \ + if (kret != KRB5_OK) { \ + com_err(msg, kret, ""); \ + fflush(stderr); \ + exit(1); \ + } else if(debug) printf("%s went ok\n", msg); -#define CHECK_STR(str,msg) \ - if (str == 0) {\ - com_err(msg, kret, "");\ - exit(1);\ - } else if(debug) printf("%s went ok\n", msg); +#define CHECK_STR(str,msg) \ + if (str == 0) { \ + com_err(msg, kret, ""); \ + exit(1); \ + } else if(debug) printf("%s went ok\n", msg); static void test_misc(krb5_context context) { - /* Tests for certain error returns */ - krb5_error_code kret; - krb5_keytab ktid; - char defname[BUFSIZ]; - char *name; - - fprintf(stderr, "Testing miscellaneous error conditions\n"); - - kret = krb5_kt_resolve(context, "unknown_method_ep:/tmp/name", &ktid); - if (kret != KRB5_KT_UNKNOWN_TYPE) { - CHECK(kret, "resolve unknown type"); - } - - /* Test length limits on krb5_kt_default_name */ - kret = krb5_kt_default_name(context, defname, sizeof(defname)); - CHECK(kret, "krb5_kt_default_name error"); - - /* Now allocate space - without the null... */ - name = malloc(strlen(defname)); - if(!name) { - fprintf(stderr, "Out of memory in testing\n"); - exit(1); - } - kret = krb5_kt_default_name(context, name, strlen(defname)); - free(name); - if (kret != KRB5_CONFIG_NOTENUFSPACE) { - CHECK(kret, "krb5_kt_default_name limited"); - } + /* Tests for certain error returns */ + krb5_error_code kret; + krb5_keytab ktid; + char defname[BUFSIZ]; + char *name; + + fprintf(stderr, "Testing miscellaneous error conditions\n"); + + kret = krb5_kt_resolve(context, "unknown_method_ep:/tmp/name", &ktid); + if (kret != KRB5_KT_UNKNOWN_TYPE) { + CHECK(kret, "resolve unknown type"); + } + + /* Test length limits on krb5_kt_default_name */ + kret = krb5_kt_default_name(context, defname, sizeof(defname)); + CHECK(kret, "krb5_kt_default_name error"); + + /* Now allocate space - without the null... */ + name = malloc(strlen(defname)); + if(!name) { + fprintf(stderr, "Out of memory in testing\n"); + exit(1); + } + kret = krb5_kt_default_name(context, name, strlen(defname)); + free(name); + if (kret != KRB5_CONFIG_NOTENUFSPACE) { + CHECK(kret, "krb5_kt_default_name limited"); + } } static void kt_test(krb5_context context, const char *name) { - krb5_error_code kret; - krb5_keytab kt; - const char *type; - char buf[BUFSIZ]; - char *p; - krb5_keytab_entry kent, kent2; - krb5_principal princ; - krb5_kt_cursor cursor, cursor2; - int cnt; - - kret = krb5_kt_resolve(context, name, &kt); - CHECK(kret, "resolve"); - - type = krb5_kt_get_type(context, kt); - CHECK_STR(type, "getting kt type"); - printf(" Type is: %s\n", type); - - kret = krb5_kt_get_name(context, kt, buf, sizeof(buf)); - CHECK(kret, "get_name"); - printf(" Name is: %s\n", buf); - - /* Check that length checks fail */ - /* The buffer is allocated too small - to allow for valgrind test of - overflows + krb5_error_code kret; + krb5_keytab kt; + const char *type; + char buf[BUFSIZ]; + char *p; + krb5_keytab_entry kent, kent2; + krb5_principal princ; + krb5_kt_cursor cursor, cursor2; + int cnt; + + kret = krb5_kt_resolve(context, name, &kt); + CHECK(kret, "resolve"); + + type = krb5_kt_get_type(context, kt); + CHECK_STR(type, "getting kt type"); + printf(" Type is: %s\n", type); + + kret = krb5_kt_get_name(context, kt, buf, sizeof(buf)); + CHECK(kret, "get_name"); + printf(" Name is: %s\n", buf); + + /* Check that length checks fail */ + /* The buffer is allocated too small - to allow for valgrind test of + overflows + */ + p = malloc(strlen(buf)); + kret = krb5_kt_get_name(context, kt, p, 1); + if(kret != KRB5_KT_NAME_TOOLONG) { + CHECK(kret, "get_name - size 1"); + } + + + kret = krb5_kt_get_name(context, kt, p, strlen(buf)); + if(kret != KRB5_KT_NAME_TOOLONG) { + CHECK(kret, "get_name"); + } + free(p); + + /* Try to lookup unknown principal - when keytab does not exist*/ + kret = krb5_parse_name(context, "test/test2@TEST.MIT.EDU", &princ); + CHECK(kret, "parsing principal"); + + + kret = krb5_kt_get_entry(context, kt, princ, 0, 0, &kent); + if((kret != KRB5_KT_NOTFOUND) && (kret != ENOENT)) { + CHECK(kret, "Getting non-existant entry"); + } + + + /* =================== Add entries to keytab ================= */ + /* + * Add the following for this principal + * enctype 1, kvno 1, key = "1" + * enctype 2, kvno 1, key = "1" + * enctype 1, kvno 2, key = "2" */ - p = malloc(strlen(buf)); - kret = krb5_kt_get_name(context, kt, p, 1); - if(kret != KRB5_KT_NAME_TOOLONG) { - CHECK(kret, "get_name - size 1"); - } - - - kret = krb5_kt_get_name(context, kt, p, strlen(buf)); - if(kret != KRB5_KT_NAME_TOOLONG) { - CHECK(kret, "get_name"); - } - free(p); - - /* Try to lookup unknown principal - when keytab does not exist*/ - kret = krb5_parse_name(context, "test/test2@TEST.MIT.EDU", &princ); - CHECK(kret, "parsing principal"); - - - kret = krb5_kt_get_entry(context, kt, princ, 0, 0, &kent); - if((kret != KRB5_KT_NOTFOUND) && (kret != ENOENT)) { - CHECK(kret, "Getting non-existant entry"); - } - - - /* =================== Add entries to keytab ================= */ - /* - * Add the following for this principal - * enctype 1, kvno 1, key = "1" - * enctype 2, kvno 1, key = "1" - * enctype 1, kvno 2, key = "2" - */ - memset(&kent, 0, sizeof(kent)); - kent.magic = KV5M_KEYTAB_ENTRY; - kent.principal = princ; - kent.timestamp = 327689; - kent.vno = 1; - kent.key.magic = KV5M_KEYBLOCK; - kent.key.enctype = 1; - kent.key.length = 1; - kent.key.contents = (krb5_octet *) "1"; - - - kret = krb5_kt_add_entry(context, kt, &kent); - CHECK(kret, "Adding initial entry"); - - kent.key.enctype = 2; - kret = krb5_kt_add_entry(context, kt, &kent); - CHECK(kret, "Adding second entry"); - - kent.key.enctype = 1; - kent.vno = 2; - kent.key.contents = (krb5_octet *) "2"; - kret = krb5_kt_add_entry(context, kt, &kent); - CHECK(kret, "Adding third entry"); - - /* Free memory */ - krb5_free_principal(context, princ); - - /* ============== Test iterating over contents of keytab ========= */ - - kret = krb5_kt_start_seq_get(context, kt, &cursor); - CHECK(kret, "Start sequence get"); - - - memset(&kent, 0, sizeof(kent)); - cnt = 0; - while((kret = krb5_kt_next_entry(context, kt, &kent, &cursor)) == 0) { - if(((kent.vno != 1) && (kent.vno != 2)) || - ((kent.key.enctype != 1) && (kent.key.enctype != 2)) || - (kent.key.length != 1) || - (kent.key.contents[0] != kent.vno +'0')) { - fprintf(stderr, "Error in read contents\n"); - exit(1); - } + memset(&kent, 0, sizeof(kent)); + kent.magic = KV5M_KEYTAB_ENTRY; + kent.principal = princ; + kent.timestamp = 327689; + kent.vno = 1; + kent.key.magic = KV5M_KEYBLOCK; + kent.key.enctype = 1; + kent.key.length = 1; + kent.key.contents = (krb5_octet *) "1"; + + + kret = krb5_kt_add_entry(context, kt, &kent); + CHECK(kret, "Adding initial entry"); + + kent.key.enctype = 2; + kret = krb5_kt_add_entry(context, kt, &kent); + CHECK(kret, "Adding second entry"); + + kent.key.enctype = 1; + kent.vno = 2; + kent.key.contents = (krb5_octet *) "2"; + kret = krb5_kt_add_entry(context, kt, &kent); + CHECK(kret, "Adding third entry"); + + /* Free memory */ + krb5_free_principal(context, princ); + + /* ============== Test iterating over contents of keytab ========= */ + + kret = krb5_kt_start_seq_get(context, kt, &cursor); + CHECK(kret, "Start sequence get"); + + + memset(&kent, 0, sizeof(kent)); + cnt = 0; + while((kret = krb5_kt_next_entry(context, kt, &kent, &cursor)) == 0) { + if(((kent.vno != 1) && (kent.vno != 2)) || + ((kent.key.enctype != 1) && (kent.key.enctype != 2)) || + (kent.key.length != 1) || + (kent.key.contents[0] != kent.vno +'0')) { + fprintf(stderr, "Error in read contents\n"); + exit(1); + } + + if((kent.magic != KV5M_KEYTAB_ENTRY) || + (kent.key.magic != KV5M_KEYBLOCK)) { + fprintf(stderr, "Magic number in sequence not proper\n"); + exit(1); + } + + cnt++; + krb5_free_keytab_entry_contents(context, &kent); + } + if (kret != KRB5_KT_END) { + CHECK(kret, "getting next entry"); + } + + if(cnt != 3) { + fprintf(stderr, "Mismatch in number of entries in keytab"); + } + + kret = krb5_kt_end_seq_get(context, kt, &cursor); + CHECK(kret, "End sequence get"); + + + /* ========================== get_entry tests ============== */ + + /* Try to lookup unknown principal - now that keytab exists*/ + kret = krb5_parse_name(context, "test3/test2@TEST.MIT.EDU", &princ); + CHECK(kret, "parsing principal"); + + + kret = krb5_kt_get_entry(context, kt, princ, 0, 0, &kent); + if((kret != KRB5_KT_NOTFOUND)) { + CHECK(kret, "Getting non-existant entry"); + } + + krb5_free_principal(context, princ); + + /* Try to lookup known principal */ + kret = krb5_parse_name(context, "test/test2@TEST.MIT.EDU", &princ); + CHECK(kret, "parsing principal"); + + kret = krb5_kt_get_entry(context, kt, princ, 0, 0, &kent); + CHECK(kret, "looking up principal"); + + /* Ensure a valid answer - we did not specify an enctype or kvno */ + if (!krb5_principal_compare(context, princ, kent.principal) || + ((kent.vno != 1) && (kent.vno != 2)) || + ((kent.key.enctype != 1) && (kent.key.enctype != 2)) || + (kent.key.length != 1) || + (kent.key.contents[0] != kent.vno +'0')) { + fprintf(stderr, "Retrieved principal does not check\n"); + exit(1); + } + + krb5_free_keytab_entry_contents(context, &kent); + + /* Try to lookup a specific enctype - but unspecified kvno - should give + * max kvno + */ + kret = krb5_kt_get_entry(context, kt, princ, 0, 1, &kent); + CHECK(kret, "looking up principal"); + + /* Ensure a valid answer - we did specified an enctype */ + if (!krb5_principal_compare(context, princ, kent.principal) || + (kent.vno != 2) || (kent.key.enctype != 1) || + (kent.key.length != 1) || + (kent.key.contents[0] != kent.vno +'0')) { + fprintf(stderr, "Retrieved principal does not check\n"); + + exit(1); + + } + + krb5_free_keytab_entry_contents(context, &kent); + + /* Try to lookup unspecified enctype, but a specified kvno */ + + kret = krb5_kt_get_entry(context, kt, princ, 2, 0, &kent); + CHECK(kret, "looking up principal"); + + /* Ensure a valid answer - we did not specify a kvno */ + if (!krb5_principal_compare(context, princ, kent.principal) || + (kent.vno != 2) || (kent.key.enctype != 1) || + (kent.key.length != 1) || + (kent.key.contents[0] != kent.vno +'0')) { + fprintf(stderr, "Retrieved principal does not check\n"); + + exit(1); + + } - if((kent.magic != KV5M_KEYTAB_ENTRY) || - (kent.key.magic != KV5M_KEYBLOCK)) { - fprintf(stderr, "Magic number in sequence not proper\n"); - exit(1); - } + krb5_free_keytab_entry_contents(context, &kent); - cnt++; - krb5_free_keytab_entry_contents(context, &kent); - } - if (kret != KRB5_KT_END) { - CHECK(kret, "getting next entry"); - } - if(cnt != 3) { - fprintf(stderr, "Mismatch in number of entries in keytab"); - } - kret = krb5_kt_end_seq_get(context, kt, &cursor); - CHECK(kret, "End sequence get"); + /* Try to lookup specified enctype and kvno */ + kret = krb5_kt_get_entry(context, kt, princ, 1, 1, &kent); + CHECK(kret, "looking up principal"); - /* ========================== get_entry tests ============== */ - - /* Try to lookup unknown principal - now that keytab exists*/ - kret = krb5_parse_name(context, "test3/test2@TEST.MIT.EDU", &princ); - CHECK(kret, "parsing principal"); - - - kret = krb5_kt_get_entry(context, kt, princ, 0, 0, &kent); - if((kret != KRB5_KT_NOTFOUND)) { - CHECK(kret, "Getting non-existant entry"); - } - - krb5_free_principal(context, princ); - - /* Try to lookup known principal */ - kret = krb5_parse_name(context, "test/test2@TEST.MIT.EDU", &princ); - CHECK(kret, "parsing principal"); - - kret = krb5_kt_get_entry(context, kt, princ, 0, 0, &kent); - CHECK(kret, "looking up principal"); - - /* Ensure a valid answer - we did not specify an enctype or kvno */ - if (!krb5_principal_compare(context, princ, kent.principal) || - ((kent.vno != 1) && (kent.vno != 2)) || - ((kent.key.enctype != 1) && (kent.key.enctype != 2)) || - (kent.key.length != 1) || - (kent.key.contents[0] != kent.vno +'0')) { - fprintf(stderr, "Retrieved principal does not check\n"); - exit(1); - } - - krb5_free_keytab_entry_contents(context, &kent); - - /* Try to lookup a specific enctype - but unspecified kvno - should give - * max kvno - */ - kret = krb5_kt_get_entry(context, kt, princ, 0, 1, &kent); - CHECK(kret, "looking up principal"); - - /* Ensure a valid answer - we did specified an enctype */ - if (!krb5_principal_compare(context, princ, kent.principal) || - (kent.vno != 2) || (kent.key.enctype != 1) || - (kent.key.length != 1) || - (kent.key.contents[0] != kent.vno +'0')) { - fprintf(stderr, "Retrieved principal does not check\n"); - - exit(1); - - } - - krb5_free_keytab_entry_contents(context, &kent); - - /* Try to lookup unspecified enctype, but a specified kvno */ - - kret = krb5_kt_get_entry(context, kt, princ, 2, 0, &kent); - CHECK(kret, "looking up principal"); - - /* Ensure a valid answer - we did not specify a kvno */ - if (!krb5_principal_compare(context, princ, kent.principal) || - (kent.vno != 2) || (kent.key.enctype != 1) || - (kent.key.length != 1) || - (kent.key.contents[0] != kent.vno +'0')) { - fprintf(stderr, "Retrieved principal does not check\n"); - - exit(1); - - } - - krb5_free_keytab_entry_contents(context, &kent); - - - - /* Try to lookup specified enctype and kvno */ - - kret = krb5_kt_get_entry(context, kt, princ, 1, 1, &kent); - CHECK(kret, "looking up principal"); - - if (!krb5_principal_compare(context, princ, kent.principal) || - (kent.vno != 1) || (kent.key.enctype != 1) || - (kent.key.length != 1) || - (kent.key.contents[0] != kent.vno +'0')) { - fprintf(stderr, "Retrieved principal does not check\n"); + if (!krb5_principal_compare(context, princ, kent.principal) || + (kent.vno != 1) || (kent.key.enctype != 1) || + (kent.key.length != 1) || + (kent.key.contents[0] != kent.vno +'0')) { + fprintf(stderr, "Retrieved principal does not check\n"); - exit(1); + exit(1); - } + } - krb5_free_keytab_entry_contents(context, &kent); + krb5_free_keytab_entry_contents(context, &kent); - /* Try lookup with active iterators. */ - kret = krb5_kt_start_seq_get(context, kt, &cursor); - CHECK(kret, "Start sequence get(2)"); - kret = krb5_kt_start_seq_get(context, kt, &cursor2); - CHECK(kret, "Start sequence get(3)"); - kret = krb5_kt_next_entry(context, kt, &kent, &cursor); - CHECK(kret, "getting next entry(2)"); - krb5_free_keytab_entry_contents(context, &kent); - kret = krb5_kt_next_entry(context, kt, &kent, &cursor); - CHECK(kret, "getting next entry(3)"); - kret = krb5_kt_next_entry(context, kt, &kent2, &cursor2); - CHECK(kret, "getting next entry(4)"); - krb5_free_keytab_entry_contents(context, &kent2); - kret = krb5_kt_get_entry(context, kt, kent.principal, 0, 0, &kent2); - CHECK(kret, "looking up principal(2)"); - krb5_free_keytab_entry_contents(context, &kent2); - kret = krb5_kt_next_entry(context, kt, &kent2, &cursor2); - CHECK(kret, "getting next entry(5)"); - if (!krb5_principal_compare(context, kent.principal, kent2.principal)) { - fprintf(stderr, "iterators not in sync\n"); - exit(1); - } - krb5_free_keytab_entry_contents(context, &kent); - krb5_free_keytab_entry_contents(context, &kent2); - kret = krb5_kt_next_entry(context, kt, &kent, &cursor); - CHECK(kret, "getting next entry(6)"); - kret = krb5_kt_next_entry(context, kt, &kent2, &cursor2); - CHECK(kret, "getting next entry(7)"); - krb5_free_keytab_entry_contents(context, &kent); - krb5_free_keytab_entry_contents(context, &kent2); - kret = krb5_kt_end_seq_get(context, kt, &cursor); - CHECK(kret, "ending sequence get(1)"); - kret = krb5_kt_end_seq_get(context, kt, &cursor2); - CHECK(kret, "ending sequence get(2)"); + /* Try lookup with active iterators. */ + kret = krb5_kt_start_seq_get(context, kt, &cursor); + CHECK(kret, "Start sequence get(2)"); + kret = krb5_kt_start_seq_get(context, kt, &cursor2); + CHECK(kret, "Start sequence get(3)"); + kret = krb5_kt_next_entry(context, kt, &kent, &cursor); + CHECK(kret, "getting next entry(2)"); + krb5_free_keytab_entry_contents(context, &kent); + kret = krb5_kt_next_entry(context, kt, &kent, &cursor); + CHECK(kret, "getting next entry(3)"); + kret = krb5_kt_next_entry(context, kt, &kent2, &cursor2); + CHECK(kret, "getting next entry(4)"); + krb5_free_keytab_entry_contents(context, &kent2); + kret = krb5_kt_get_entry(context, kt, kent.principal, 0, 0, &kent2); + CHECK(kret, "looking up principal(2)"); + krb5_free_keytab_entry_contents(context, &kent2); + kret = krb5_kt_next_entry(context, kt, &kent2, &cursor2); + CHECK(kret, "getting next entry(5)"); + if (!krb5_principal_compare(context, kent.principal, kent2.principal)) { + fprintf(stderr, "iterators not in sync\n"); + exit(1); + } + krb5_free_keytab_entry_contents(context, &kent); + krb5_free_keytab_entry_contents(context, &kent2); + kret = krb5_kt_next_entry(context, kt, &kent, &cursor); + CHECK(kret, "getting next entry(6)"); + kret = krb5_kt_next_entry(context, kt, &kent2, &cursor2); + CHECK(kret, "getting next entry(7)"); + krb5_free_keytab_entry_contents(context, &kent); + krb5_free_keytab_entry_contents(context, &kent2); + kret = krb5_kt_end_seq_get(context, kt, &cursor); + CHECK(kret, "ending sequence get(1)"); + kret = krb5_kt_end_seq_get(context, kt, &cursor2); + CHECK(kret, "ending sequence get(2)"); - /* Try to lookup specified enctype and kvno - that does not exist*/ + /* Try to lookup specified enctype and kvno - that does not exist*/ - kret = krb5_kt_get_entry(context, kt, princ, 3, 1, &kent); - if(kret != KRB5_KT_KVNONOTFOUND) { - CHECK(kret, "looking up specific principal, kvno, enctype"); - } + kret = krb5_kt_get_entry(context, kt, princ, 3, 1, &kent); + if(kret != KRB5_KT_KVNONOTFOUND) { + CHECK(kret, "looking up specific principal, kvno, enctype"); + } - krb5_free_principal(context, princ); + krb5_free_principal(context, princ); - /* ========================= krb5_kt_remove_entry =========== */ - /* Lookup the keytab entry w/ 2 kvno - and delete version 2 - - ensure gone */ - kret = krb5_parse_name(context, "test/test2@TEST.MIT.EDU", &princ); - CHECK(kret, "parsing principal"); + /* ========================= krb5_kt_remove_entry =========== */ + /* Lookup the keytab entry w/ 2 kvno - and delete version 2 - + ensure gone */ + kret = krb5_parse_name(context, "test/test2@TEST.MIT.EDU", &princ); + CHECK(kret, "parsing principal"); - kret = krb5_kt_get_entry(context, kt, princ, 0, 1, &kent); - CHECK(kret, "looking up principal"); + kret = krb5_kt_get_entry(context, kt, princ, 0, 1, &kent); + CHECK(kret, "looking up principal"); - /* Ensure a valid answer - we are looking for max(kvno) and enc=1 */ - if (!krb5_principal_compare(context, princ, kent.principal) || - (kent.vno != 2) || (kent.key.enctype != 1) || - (kent.key.length != 1) || - (kent.key.contents[0] != kent.vno +'0')) { - fprintf(stderr, "Retrieved principal does not check\n"); + /* Ensure a valid answer - we are looking for max(kvno) and enc=1 */ + if (!krb5_principal_compare(context, princ, kent.principal) || + (kent.vno != 2) || (kent.key.enctype != 1) || + (kent.key.length != 1) || + (kent.key.contents[0] != kent.vno +'0')) { + fprintf(stderr, "Retrieved principal does not check\n"); - exit(1); + exit(1); - } + } - /* Delete it */ - kret = krb5_kt_remove_entry(context, kt, &kent); - CHECK(kret, "Removing entry"); + /* Delete it */ + kret = krb5_kt_remove_entry(context, kt, &kent); + CHECK(kret, "Removing entry"); - krb5_free_keytab_entry_contents(context, &kent); - /* And ensure gone */ + krb5_free_keytab_entry_contents(context, &kent); + /* And ensure gone */ - kret = krb5_kt_get_entry(context, kt, princ, 0, 1, &kent); - CHECK(kret, "looking up principal"); + kret = krb5_kt_get_entry(context, kt, princ, 0, 1, &kent); + CHECK(kret, "looking up principal"); - /* Ensure a valid answer - kvno should now be 1 - we deleted 2 */ - if (!krb5_principal_compare(context, princ, kent.principal) || - (kent.vno != 1) || (kent.key.enctype != 1) || - (kent.key.length != 1) || - (kent.key.contents[0] != kent.vno +'0')) { - fprintf(stderr, "Delete principal check failed\n"); - - exit(1); - - } - krb5_free_keytab_entry_contents(context, &kent); - - krb5_free_principal(context, princ); - - /* ======================= Finally close ======================= */ - - kret = krb5_kt_close(context, kt); - CHECK(kret, "close"); + /* Ensure a valid answer - kvno should now be 1 - we deleted 2 */ + if (!krb5_principal_compare(context, princ, kent.principal) || + (kent.vno != 1) || (kent.key.enctype != 1) || + (kent.key.length != 1) || + (kent.key.contents[0] != kent.vno +'0')) { + fprintf(stderr, "Delete principal check failed\n"); + + exit(1); + + } + krb5_free_keytab_entry_contents(context, &kent); + + krb5_free_principal(context, princ); + + /* ======================= Finally close ======================= */ + + kret = krb5_kt_close(context, kt); + CHECK(kret, "close"); } -static void do_test(krb5_context context, const char *prefix, - krb5_boolean delete) +static void do_test(krb5_context context, const char *prefix, + krb5_boolean delete) { - char *name, *filename; - - if (asprintf(&filename, "/tmp/kttest.%ld", (long) getpid()) < 0) { - perror("asprintf"); - exit(1); - } - if (asprintf(&name, "%s%s", prefix, filename) < 0) { - perror("asprintf"); - exit(1); - } - printf("Starting test on %s\n", name); - kt_test(context, name); - printf("Test on %s passed\n", name); - if(delete) - unlink(filename); - free(filename); - free(name); + char *name, *filename; + + if (asprintf(&filename, "/tmp/kttest.%ld", (long) getpid()) < 0) { + perror("asprintf"); + exit(1); + } + if (asprintf(&name, "%s%s", prefix, filename) < 0) { + perror("asprintf"); + exit(1); + } + printf("Starting test on %s\n", name); + kt_test(context, name); + printf("Test on %s passed\n", name); + if(delete) + unlink(filename); + free(filename); + free(name); } -int +int main (void) { - krb5_context context; - krb5_error_code kret; + krb5_context context; + krb5_error_code kret; - if ((kret = krb5_init_context(&context))) { - printf("Couldn't initialize krb5 library: %s\n", - error_message(kret)); - exit(1); - } + if ((kret = krb5_init_context(&context))) { + printf("Couldn't initialize krb5 library: %s\n", + error_message(kret)); + exit(1); + } - /* All keytab types are registered by default -- test for - redundant error */ - kret = krb5_kt_register(context, &krb5_ktf_writable_ops); - if(kret && kret != KRB5_KT_TYPE_EXISTS) { - CHECK(kret, "register ktf_writable"); - } + /* All keytab types are registered by default -- test for + redundant error */ + kret = krb5_kt_register(context, &krb5_ktf_writable_ops); + if(kret && kret != KRB5_KT_TYPE_EXISTS) { + CHECK(kret, "register ktf_writable"); + } - test_misc(context); - do_test(context, "WRFILE:", FALSE); - do_test(context, "MEMORY:", TRUE); + test_misc(context); + do_test(context, "WRFILE:", FALSE); + do_test(context, "MEMORY:", TRUE); - krb5_free_context(context); - return 0; + krb5_free_context(context); + return 0; } @@ -457,9 +458,9 @@ main (void) /* remove and add are functions, so that they can return NOWRITE if not a writable keytab */ krb5_error_code KRB5_CALLCONV krb5_kt_remove_entry - (krb5_context, - krb5_keytab, - krb5_keytab_entry * ); +(krb5_context, + krb5_keytab, + krb5_keytab_entry * ); |