summaryrefslogtreecommitdiffstats
path: root/src/lib/krb5/krb/fast.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/krb5/krb/fast.c')
-rw-r--r--src/lib/krb5/krb/fast.c458
1 files changed, 229 insertions, 229 deletions
diff --git a/src/lib/krb5/krb/fast.c b/src/lib/krb5/krb/fast.c
index 381173d5c..ae5602cde 100644
--- a/src/lib/krb5/krb/fast.c
+++ b/src/lib/krb5/krb/fast.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/fast.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,8 +23,8 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
- *
+ *
+ *
*
*/
@@ -66,65 +67,65 @@ static krb5_error_code fast_armor_ap_request
memset(&creds, 0, sizeof(creds));
retval = krb5_tgtname(context, target_realm, target_realm, &creds.server);
if (retval ==0)
- retval = krb5_cc_get_principal(context, ccache, &creds.client);
+ retval = krb5_cc_get_principal(context, ccache, &creds.client);
if (retval == 0)
- retval = krb5_get_credentials(context, 0, ccache, &creds, &out_creds);
+ retval = krb5_get_credentials(context, 0, ccache, &creds, &out_creds);
if (retval == 0)
- retval = krb5_mk_req_extended(context, &authcontext, AP_OPTS_USE_SUBKEY, NULL /*data*/,
- out_creds, &encoded_authenticator);
+ retval = krb5_mk_req_extended(context, &authcontext, AP_OPTS_USE_SUBKEY, NULL /*data*/,
+ out_creds, &encoded_authenticator);
if (retval == 0)
- retval = krb5_auth_con_getsendsubkey(context, authcontext, &subkey);
+ retval = krb5_auth_con_getsendsubkey(context, authcontext, &subkey);
if (retval == 0)
- retval = krb5_c_fx_cf2_simple(context, subkey, "subkeyarmor",
- &out_creds->keyblock, "ticketarmor", &armor_key);
+ retval = krb5_c_fx_cf2_simple(context, subkey, "subkeyarmor",
+ &out_creds->keyblock, "ticketarmor", &armor_key);
if (retval == 0) {
- armor = calloc(1, sizeof(krb5_fast_armor));
- if (armor == NULL)
- retval = ENOMEM;
+ armor = calloc(1, sizeof(krb5_fast_armor));
+ if (armor == NULL)
+ retval = ENOMEM;
}
if (retval == 0) {
- armor->armor_type = KRB5_FAST_ARMOR_AP_REQUEST;
- armor->armor_value = encoded_authenticator;
- encoded_authenticator.data = NULL;
- encoded_authenticator.length = 0;
- state->armor = armor;
- armor = NULL;
- state->armor_key = armor_key;
- armor_key = NULL;
+ armor->armor_type = KRB5_FAST_ARMOR_AP_REQUEST;
+ armor->armor_value = encoded_authenticator;
+ encoded_authenticator.data = NULL;
+ encoded_authenticator.length = 0;
+ state->armor = armor;
+ armor = NULL;
+ state->armor_key = armor_key;
+ armor_key = NULL;
}
krb5_free_keyblock(context, armor_key);
krb5_free_keyblock(context, subkey);
if (out_creds)
- krb5_free_creds(context, out_creds);
+ krb5_free_creds(context, out_creds);
krb5_free_cred_contents(context, &creds);
if (encoded_authenticator.data)
- krb5_free_data_contents(context, &encoded_authenticator);
+ krb5_free_data_contents(context, &encoded_authenticator);
krb5_auth_con_free(context, authcontext);
return retval;
}
krb5_error_code
krb5int_fast_prep_req_body(krb5_context context, struct krb5int_fast_request_state *state,
- krb5_kdc_req *request, krb5_data **encoded_request_body)
+ krb5_kdc_req *request, krb5_data **encoded_request_body)
{
krb5_error_code retval = 0;
krb5_data *local_encoded_request_body = NULL;
assert(state != NULL);
*encoded_request_body = NULL;
if (state->armor_key == NULL) {
- return encode_krb5_kdc_req_body(request, encoded_request_body);
+ return encode_krb5_kdc_req_body(request, encoded_request_body);
}
state->fast_outer_request = *request;
state->fast_outer_request.padata = NULL;
if (retval == 0)
- retval = encode_krb5_kdc_req_body(&state->fast_outer_request,
- &local_encoded_request_body);
+ retval = encode_krb5_kdc_req_body(&state->fast_outer_request,
+ &local_encoded_request_body);
if (retval == 0) {
- *encoded_request_body = local_encoded_request_body;
- local_encoded_request_body = NULL;
+ *encoded_request_body = local_encoded_request_body;
+ local_encoded_request_body = NULL;
}
if (local_encoded_request_body != NULL)
- krb5_free_data(context, local_encoded_request_body);
+ krb5_free_data(context, local_encoded_request_body);
return retval;
}
@@ -137,31 +138,31 @@ krb5_error_code krb5int_fast_as_armor
krb5_ccache ccache = NULL;
krb5_clear_error_message(context);
if (opte->opt_private->fast_ccache_name) {
- retval = krb5_cc_resolve(context, opte->opt_private->fast_ccache_name,
- &ccache);
- if (retval==0)
- retval = fast_armor_ap_request(context, state, ccache,
- krb5_princ_realm(context, request->server));
- if (retval != 0) {
- const char * errmsg;
- errmsg = krb5_get_error_message(context, retval);
- if (errmsg) {
- krb5_set_error_message(context, retval, "%s constructing AP-REQ armor", errmsg);
- krb5_free_error_message(context, errmsg);
- }
- }
+ retval = krb5_cc_resolve(context, opte->opt_private->fast_ccache_name,
+ &ccache);
+ if (retval==0)
+ retval = fast_armor_ap_request(context, state, ccache,
+ krb5_princ_realm(context, request->server));
+ if (retval != 0) {
+ const char * errmsg;
+ errmsg = krb5_get_error_message(context, retval);
+ if (errmsg) {
+ krb5_set_error_message(context, retval, "%s constructing AP-REQ armor", errmsg);
+ krb5_free_error_message(context, errmsg);
+ }
+ }
}
if (ccache)
- krb5_cc_close(context, ccache);
+ krb5_cc_close(context, ccache);
return retval;
}
-krb5_error_code
+krb5_error_code
krb5int_fast_prep_req (krb5_context context, struct krb5int_fast_request_state *state,
- krb5_kdc_req *request,
- const krb5_data *to_be_checksummed, kdc_req_encoder_proc encoder,
- krb5_data **encoded_request)
+ krb5_kdc_req *request,
+ const krb5_data *to_be_checksummed, kdc_req_encoder_proc encoder,
+ krb5_data **encoded_request)
{
krb5_error_code retval = 0;
krb5_pa_data *pa_array[2];
@@ -180,68 +181,68 @@ krb5int_fast_prep_req (krb5_context context, struct krb5int_fast_request_state *
assert(state->fast_outer_request.padata == NULL);
memset(pa_array, 0, sizeof pa_array);
if (state->armor_key == NULL) {
- return encoder(request, encoded_request);
+ return encoder(request, encoded_request);
}
/* Fill in a fresh random nonce for each inner request*/
- random_data.length = 4;
- random_data.data = (char *)random_buf;
- retval = krb5_c_random_make_octets(context, &random_data);
- if (retval == 0) {
- request->nonce = 0x7fffffff & load_32_n(random_buf);
- state->nonce = request->nonce;
- }
+ random_data.length = 4;
+ random_data.data = (char *)random_buf;
+ retval = krb5_c_random_make_octets(context, &random_data);
+ if (retval == 0) {
+ request->nonce = 0x7fffffff & load_32_n(random_buf);
+ state->nonce = request->nonce;
+ }
fast_req.req_body = request;
if (fast_req.req_body->padata == NULL) {
- fast_req.req_body->padata = calloc(1, sizeof(krb5_pa_data *));
- if (fast_req.req_body->padata == NULL)
- retval = ENOMEM;
+ fast_req.req_body->padata = calloc(1, sizeof(krb5_pa_data *));
+ if (fast_req.req_body->padata == NULL)
+ retval = ENOMEM;
}
fast_req.fast_options = state->fast_options;
if (retval == 0)
- retval = encode_krb5_fast_req(&fast_req, &encoded_fast_req);
+ retval = encode_krb5_fast_req(&fast_req, &encoded_fast_req);
if (retval == 0) {
- armored_req = calloc(1, sizeof(krb5_fast_armored_req));
- if (armored_req == NULL)
- retval = ENOMEM;
+ armored_req = calloc(1, sizeof(krb5_fast_armored_req));
+ if (armored_req == NULL)
+ retval = ENOMEM;
}
if (retval == 0)
- armored_req->armor = state->armor;
+ armored_req->armor = state->armor;
if (retval == 0)
- retval = krb5int_c_mandatory_cksumtype(context, state->armor_key->enctype,
- &cksumtype);
+ retval = krb5int_c_mandatory_cksumtype(context, state->armor_key->enctype,
+ &cksumtype);
if (retval ==0)
- retval = krb5_c_make_checksum(context, cksumtype, state->armor_key,
- KRB5_KEYUSAGE_FAST_REQ_CHKSUM, to_be_checksummed,
- &armored_req->req_checksum);
+ retval = krb5_c_make_checksum(context, cksumtype, state->armor_key,
+ KRB5_KEYUSAGE_FAST_REQ_CHKSUM, to_be_checksummed,
+ &armored_req->req_checksum);
if (retval == 0)
- retval = krb5_encrypt_helper(context, state->armor_key,
- KRB5_KEYUSAGE_FAST_ENC, encoded_fast_req,
- &armored_req->enc_part);
+ retval = krb5_encrypt_helper(context, state->armor_key,
+ KRB5_KEYUSAGE_FAST_ENC, encoded_fast_req,
+ &armored_req->enc_part);
if (retval == 0)
- retval = encode_krb5_pa_fx_fast_request(armored_req, &encoded_armored_req);
+ retval = encode_krb5_pa_fx_fast_request(armored_req, &encoded_armored_req);
if (retval==0) {
- pa[0].pa_type = KRB5_PADATA_FX_FAST;
- pa[0].contents = (unsigned char *) encoded_armored_req->data;
- pa[0].length = encoded_armored_req->length;
- pa_array[0] = &pa[0];
+ pa[0].pa_type = KRB5_PADATA_FX_FAST;
+ pa[0].contents = (unsigned char *) encoded_armored_req->data;
+ pa[0].length = encoded_armored_req->length;
+ pa_array[0] = &pa[0];
}
state->fast_outer_request.padata = pa_array;
if(retval == 0)
- retval = encoder(&state->fast_outer_request, &local_encoded_result);
+ retval = encoder(&state->fast_outer_request, &local_encoded_result);
if (retval == 0) {
- *encoded_request = local_encoded_result;
- local_encoded_result = NULL;
+ *encoded_request = local_encoded_result;
+ local_encoded_result = NULL;
}
if (encoded_armored_req)
- krb5_free_data(context, encoded_armored_req);
+ krb5_free_data(context, encoded_armored_req);
if (armored_req) {
- armored_req->armor = NULL; /*owned by state*/
- krb5_free_fast_armored_req(context, armored_req);
+ armored_req->armor = NULL; /*owned by state*/
+ krb5_free_fast_armored_req(context, armored_req);
}
if (encoded_fast_req)
- krb5_free_data(context, encoded_fast_req);
+ krb5_free_data(context, encoded_fast_req);
if (local_encoded_result)
- krb5_free_data(context, local_encoded_result);
+ krb5_free_data(context, local_encoded_result);
state->fast_outer_request.padata = NULL;
return retval;
}
@@ -258,49 +259,49 @@ static krb5_error_code decrypt_fast_reply
krb5_fast_response *local_resp = NULL;
assert(state != NULL);
assert(state->armor_key);
- fx_reply = krb5int_find_pa_data(context, in_padata, KRB5_PADATA_FX_FAST);
+ fx_reply = krb5int_find_pa_data(context, in_padata, KRB5_PADATA_FX_FAST);
if (fx_reply == NULL)
- retval = KRB5_ERR_FAST_REQUIRED;
+ retval = KRB5_ERR_FAST_REQUIRED;
if (retval == 0) {
- scratch.data = (char *) fx_reply->contents;
- scratch.length = fx_reply->length;
- retval = decode_krb5_pa_fx_fast_reply(&scratch, &encrypted_response);
+ scratch.data = (char *) fx_reply->contents;
+ scratch.length = fx_reply->length;
+ retval = decode_krb5_pa_fx_fast_reply(&scratch, &encrypted_response);
}
scratch.data = NULL;
if (retval == 0) {
- scratch.data = malloc(encrypted_response->ciphertext.length);
- if (scratch.data == NULL)
- retval = ENOMEM;
- scratch.length = encrypted_response->ciphertext.length;
+ scratch.data = malloc(encrypted_response->ciphertext.length);
+ if (scratch.data == NULL)
+ retval = ENOMEM;
+ scratch.length = encrypted_response->ciphertext.length;
}
if (retval == 0)
- retval = krb5_c_decrypt(context, state->armor_key,
- KRB5_KEYUSAGE_FAST_REP, NULL,
- encrypted_response, &scratch);
+ retval = krb5_c_decrypt(context, state->armor_key,
+ KRB5_KEYUSAGE_FAST_REP, NULL,
+ encrypted_response, &scratch);
if (retval != 0) {
- const char * errmsg;
- errmsg = krb5_get_error_message(context, retval);
- krb5_set_error_message(context, retval, "%s while decrypting FAST reply", errmsg);
- krb5_free_error_message(context, errmsg);
+ const char * errmsg;
+ errmsg = krb5_get_error_message(context, retval);
+ krb5_set_error_message(context, retval, "%s while decrypting FAST reply", errmsg);
+ krb5_free_error_message(context, errmsg);
}
if (retval == 0)
- retval = decode_krb5_fast_response(&scratch, &local_resp);
+ retval = decode_krb5_fast_response(&scratch, &local_resp);
if (retval == 0) {
- if (local_resp->nonce != state->nonce) {
- retval = KRB5_KDCREP_MODIFIED;
- krb5_set_error_message(context, retval, "nonce modified in FAST response: KDC response modified");
- }
+ if (local_resp->nonce != state->nonce) {
+ retval = KRB5_KDCREP_MODIFIED;
+ krb5_set_error_message(context, retval, "nonce modified in FAST response: KDC response modified");
+ }
}
if (retval == 0) {
- *response = local_resp;
- local_resp = NULL;
+ *response = local_resp;
+ local_resp = NULL;
}
if (scratch.data)
- free(scratch.data);
+ free(scratch.data);
if (encrypted_response)
- krb5_free_enc_data(context, encrypted_response);
+ krb5_free_enc_data(context, encrypted_response);
if (local_resp)
- krb5_free_fast_response(context, local_resp);
+ krb5_free_fast_response(context, local_resp);
return retval;
}
@@ -319,91 +320,91 @@ static krb5_error_code decrypt_fast_reply
*/
krb5_error_code
krb5int_fast_process_error(krb5_context context, struct krb5int_fast_request_state *state,
- krb5_error **err_replyptr , krb5_pa_data ***out_padata,
- krb5_boolean *retry)
+ krb5_error **err_replyptr , krb5_pa_data ***out_padata,
+ krb5_boolean *retry)
{
krb5_error_code retval = 0;
krb5_error *err_reply = *err_replyptr;
*out_padata = NULL;
*retry = 0;
if (state->armor_key) {
- krb5_pa_data *fx_error_pa;
- krb5_pa_data **result = NULL;
- krb5_data scratch, *encoded_td = NULL;
- krb5_error *fx_error = NULL;
- krb5_fast_response *fast_response = NULL;
- retval = decode_krb5_padata_sequence(&err_reply->e_data, &result);
- if (retval == 0)
- retval = decrypt_fast_reply(context, state, result, &fast_response);
- if (retval) {
- /*This can happen if the KDC does not understand FAST. We
- * don't expect that, but treating it as the fatal error
- * indicated by the KDC seems reasonable.
- */
- *retry = 0;
- krb5_free_pa_data(context, result);
- return 0;
- }
- krb5_free_pa_data(context, result);
- result = NULL;
- if (retval == 0) {
- fx_error_pa = krb5int_find_pa_data(context, fast_response->padata, KRB5_PADATA_FX_ERROR);
- if (fx_error_pa == NULL) {
- krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, "Expecting FX_ERROR pa-data inside FAST container");
- retval = KRB5KDC_ERR_PREAUTH_FAILED;
- }
- }
- if (retval == 0) {
- scratch.data = (char *) fx_error_pa->contents;
- scratch.length = fx_error_pa->length;
- retval = decode_krb5_error(&scratch, &fx_error);
- }
- /*
- * krb5_pa_data and krb5_typed_data are safe to cast between:
- * they have the same type fields in the same order.
- * (krb5_preauthtype is a krb5_int32). If krb5_typed_data is
- * ever changed then this will need to be a copy not a cast.
- */
- if (retval == 0)
- retval = encode_krb5_typed_data( (krb5_typed_data **) fast_response->padata,
- &encoded_td);
- if (retval == 0) {
- fx_error->e_data = *encoded_td;
- free(encoded_td); /*contents owned by fx_error*/
- encoded_td = NULL;
- krb5_free_error(context, err_reply);
- *err_replyptr = fx_error;
- fx_error = NULL;
- *out_padata = fast_response->padata;
- fast_response->padata = NULL;
- /*
- * If there is more than the fx_error padata, then we want
- * to retry the error if a cookie is present
- */
- *retry = (*out_padata)[1] != NULL;
- if (krb5int_find_pa_data(context, *out_padata, KRB5_PADATA_FX_COOKIE) == NULL)
- *retry = 0;
- }
- if (fx_error)
- krb5_free_error(context, fx_error);
- krb5_free_fast_response(context, fast_response);
+ krb5_pa_data *fx_error_pa;
+ krb5_pa_data **result = NULL;
+ krb5_data scratch, *encoded_td = NULL;
+ krb5_error *fx_error = NULL;
+ krb5_fast_response *fast_response = NULL;
+ retval = decode_krb5_padata_sequence(&err_reply->e_data, &result);
+ if (retval == 0)
+ retval = decrypt_fast_reply(context, state, result, &fast_response);
+ if (retval) {
+ /*This can happen if the KDC does not understand FAST. We
+ * don't expect that, but treating it as the fatal error
+ * indicated by the KDC seems reasonable.
+ */
+ *retry = 0;
+ krb5_free_pa_data(context, result);
+ return 0;
+ }
+ krb5_free_pa_data(context, result);
+ result = NULL;
+ if (retval == 0) {
+ fx_error_pa = krb5int_find_pa_data(context, fast_response->padata, KRB5_PADATA_FX_ERROR);
+ if (fx_error_pa == NULL) {
+ krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, "Expecting FX_ERROR pa-data inside FAST container");
+ retval = KRB5KDC_ERR_PREAUTH_FAILED;
+ }
+ }
+ if (retval == 0) {
+ scratch.data = (char *) fx_error_pa->contents;
+ scratch.length = fx_error_pa->length;
+ retval = decode_krb5_error(&scratch, &fx_error);
+ }
+ /*
+ * krb5_pa_data and krb5_typed_data are safe to cast between:
+ * they have the same type fields in the same order.
+ * (krb5_preauthtype is a krb5_int32). If krb5_typed_data is
+ * ever changed then this will need to be a copy not a cast.
+ */
+ if (retval == 0)
+ retval = encode_krb5_typed_data( (krb5_typed_data **) fast_response->padata,
+ &encoded_td);
+ if (retval == 0) {
+ fx_error->e_data = *encoded_td;
+ free(encoded_td); /*contents owned by fx_error*/
+ encoded_td = NULL;
+ krb5_free_error(context, err_reply);
+ *err_replyptr = fx_error;
+ fx_error = NULL;
+ *out_padata = fast_response->padata;
+ fast_response->padata = NULL;
+ /*
+ * If there is more than the fx_error padata, then we want
+ * to retry the error if a cookie is present
+ */
+ *retry = (*out_padata)[1] != NULL;
+ if (krb5int_find_pa_data(context, *out_padata, KRB5_PADATA_FX_COOKIE) == NULL)
+ *retry = 0;
+ }
+ if (fx_error)
+ krb5_free_error(context, fx_error);
+ krb5_free_fast_response(context, fast_response);
} else { /*not FAST*/
- *retry = (err_reply->e_data.length > 0);
- if ((err_reply->error == KDC_ERR_PREAUTH_REQUIRED
- ||err_reply->error == KDC_ERR_PREAUTH_FAILED) && err_reply->e_data.length) {
- krb5_pa_data **result = NULL;
- retval = decode_krb5_padata_sequence(&err_reply->e_data, &result);
- if (retval == 0)
- if (retval == 0) {
- *out_padata = result;
+ *retry = (err_reply->e_data.length > 0);
+ if ((err_reply->error == KDC_ERR_PREAUTH_REQUIRED
+ ||err_reply->error == KDC_ERR_PREAUTH_FAILED) && err_reply->e_data.length) {
+ krb5_pa_data **result = NULL;
+ retval = decode_krb5_padata_sequence(&err_reply->e_data, &result);
+ if (retval == 0)
+ if (retval == 0) {
+ *out_padata = result;
- return 0;
- }
- krb5_free_pa_data(context, result);
- krb5_set_error_message(context, retval,
- "Error decoding padata in error reply");
- return retval;
- }
+ return 0;
+ }
+ krb5_free_pa_data(context, result);
+ krb5_set_error_message(context, retval,
+ "Error decoding padata in error reply");
+ return retval;
+ }
}
return retval;
}
@@ -421,61 +422,61 @@ krb5_error_code krb5int_fast_process_response
krb5_clear_error_message(context);
*strengthen_key = NULL;
if (state->armor_key == 0)
- return 0;
- retval = decrypt_fast_reply(context, state, resp->padata,
- &fast_response);
+ return 0;
+ retval = decrypt_fast_reply(context, state, resp->padata,
+ &fast_response);
if (retval == 0) {
- if (fast_response->finished == 0) {
- retval = KRB5_KDCREP_MODIFIED;
- krb5_set_error_message(context, retval, "FAST response missing finish message in KDC reply");
- }
+ if (fast_response->finished == 0) {
+ retval = KRB5_KDCREP_MODIFIED;
+ krb5_set_error_message(context, retval, "FAST response missing finish message in KDC reply");
+ }
}
if (retval == 0)
- retval = encode_krb5_ticket(resp->ticket, &encoded_ticket);
+ retval = encode_krb5_ticket(resp->ticket, &encoded_ticket);
if (retval == 0)
- retval = krb5_c_verify_checksum(context, state->armor_key,
- KRB5_KEYUSAGE_FAST_FINISHED,
- encoded_ticket,
- &fast_response->finished->ticket_checksum,
- &cksum_valid);
+ retval = krb5_c_verify_checksum(context, state->armor_key,
+ KRB5_KEYUSAGE_FAST_FINISHED,
+ encoded_ticket,
+ &fast_response->finished->ticket_checksum,
+ &cksum_valid);
if (retval == 0 && cksum_valid == 0) {
- retval = KRB5_KDCREP_MODIFIED;
- krb5_set_error_message(context, retval, "ticket modified in KDC reply");
+ retval = KRB5_KDCREP_MODIFIED;
+ krb5_set_error_message(context, retval, "ticket modified in KDC reply");
}
if (retval == 0) {
- krb5_free_principal(context, resp->client);
- resp->client = fast_response->finished->client;
- fast_response->finished->client = NULL;
- *strengthen_key = fast_response->strengthen_key;
- fast_response->strengthen_key = NULL;
- krb5_free_pa_data(context, resp->padata);
- resp->padata = fast_response->padata;
- fast_response->padata = NULL;
+ krb5_free_principal(context, resp->client);
+ resp->client = fast_response->finished->client;
+ fast_response->finished->client = NULL;
+ *strengthen_key = fast_response->strengthen_key;
+ fast_response->strengthen_key = NULL;
+ krb5_free_pa_data(context, resp->padata);
+ resp->padata = fast_response->padata;
+ fast_response->padata = NULL;
}
if (fast_response)
- krb5_free_fast_response(context, fast_response);
+ krb5_free_fast_response(context, fast_response);
if (encoded_ticket)
- krb5_free_data(context, encoded_ticket);
+ krb5_free_data(context, encoded_ticket);
return retval;
}
krb5_error_code krb5int_fast_reply_key(krb5_context context,
- krb5_keyblock *strengthen_key,
- krb5_keyblock *existing_key,
- krb5_keyblock *out_key)
+ krb5_keyblock *strengthen_key,
+ krb5_keyblock *existing_key,
+ krb5_keyblock *out_key)
{
krb5_keyblock *key = NULL;
krb5_error_code retval = 0;
krb5_free_keyblock_contents(context, out_key);
if (strengthen_key) {
- retval = krb5_c_fx_cf2_simple(context, strengthen_key,
- "strengthenkey", existing_key, "replykey", &key);
- if (retval == 0) {
- *out_key = *key;
- free(key);
- }
+ retval = krb5_c_fx_cf2_simple(context, strengthen_key,
+ "strengthenkey", existing_key, "replykey", &key);
+ if (retval == 0) {
+ *out_key = *key;
+ free(key);
+ }
} else {
- retval = krb5_copy_keyblock_contents(context, existing_key, out_key);
+ retval = krb5_copy_keyblock_contents(context, existing_key, out_key);
}
return retval;
}
@@ -487,7 +488,7 @@ krb5int_fast_make_state( krb5_context context, struct krb5int_fast_request_state
struct krb5int_fast_request_state *local_state ;
local_state = malloc(sizeof *local_state);
if (local_state == NULL)
- return ENOMEM;
+ return ENOMEM;
memset(local_state, 0, sizeof(*local_state));
*state = local_state;
return 0;
@@ -505,16 +506,15 @@ krb5int_fast_free_state( krb5_context context, struct krb5int_fast_request_state
krb5_pa_data * krb5int_find_pa_data
(krb5_context context, krb5_pa_data *const *padata, krb5_preauthtype pa_type)
{
- krb5_pa_data * const *tmppa;
+ krb5_pa_data * const *tmppa;
if (padata == NULL)
- return NULL;
+ return NULL;
for (tmppa = padata; *tmppa != NULL; tmppa++) {
- if ((*tmppa)->pa_type == pa_type)
- break;
+ if ((*tmppa)->pa_type == pa_type)
+ break;
}
return *tmppa;
}
-
generated by cgit (git 2.34.1) at 2024-09-20 01:44:25 +0000