diff options
Diffstat (limited to 'src/plugins/preauth/securid_sam2')
-rw-r--r-- | src/plugins/preauth/securid_sam2/securid2.c | 22 | ||||
-rw-r--r-- | src/plugins/preauth/securid_sam2/securid_sam2_main.c | 92 |
2 files changed, 58 insertions, 56 deletions
diff --git a/src/plugins/preauth/securid_sam2/securid2.c b/src/plugins/preauth/securid_sam2/securid2.c index be6a32b4a..816946eeb 100644 --- a/src/plugins/preauth/securid_sam2/securid2.c +++ b/src/plugins/preauth/securid_sam2/securid2.c @@ -363,11 +363,11 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client, if ((sr2->sam_enc_nonce_or_sad.ciphertext.data == NULL) || (sr2->sam_enc_nonce_or_sad.ciphertext.length <= 0)) { - retval = KRB5KDC_ERR_PREAUTH_FAILED; - krb5_set_error_message(context, retval, - "No preauth data supplied in " - "verify_securid_data_2 (%s)", user); - goto cleanup; + retval = KRB5KDC_ERR_PREAUTH_FAILED; + krb5_set_error_message(context, retval, + "No preauth data supplied in " + "verify_securid_data_2 (%s)", user); + goto cleanup; } retval = krb5_dbe_find_enctype(context, client, @@ -463,7 +463,7 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client, com_err("krb5kdc", retval, "while decrypting SecurID trackID in " "verify_securid_data_2 (%s)", user); - goto cleanup; + goto cleanup; } if (track_id_data.length < sizeof (struct securid_track_data)) { retval = KRB5KDC_ERR_PREAUTH_FAILED; @@ -682,11 +682,11 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client, retval = securid_encrypt_track_data_2(context, client, &tmp_data, &sc2b.sam_track_id); if (retval) { - com_err("krb5kdc", retval, - "while encrypting SecurID track " - "data for SAM_CHALLENGE_2 (%s)", - securid_user); - goto cleanup; + com_err("krb5kdc", retval, + "while encrypting SecurID track " + "data for SAM_CHALLENGE_2 (%s)", + securid_user); + goto cleanup; } retval = securid_make_sam_challenge_2_and_cksum(context, sc2p, &sc2b, diff --git a/src/plugins/preauth/securid_sam2/securid_sam2_main.c b/src/plugins/preauth/securid_sam2/securid_sam2_main.c index 6bc65e85e..0c420d226 100644 --- a/src/plugins/preauth/securid_sam2/securid_sam2_main.c +++ b/src/plugins/preauth/securid_sam2/securid_sam2_main.c @@ -61,7 +61,7 @@ sam_get_db_entry(krb5_context context, krb5_principal client, krb5_error_code retval; if (db_entry) - *db_entry = NULL; + *db_entry = NULL; retval = krb5_copy_principal(context, client, &newp); if (retval) { com_err("krb5kdc", retval, "copying client name for preauth probe"); @@ -71,45 +71,45 @@ sam_get_db_entry(krb5_context context, krb5_principal client, probeslot = krb5_princ_size(context, newp)++; ptr = realloc(krb5_princ_name(context, newp), krb5_princ_size(context, newp) * sizeof(krb5_data)); - if (ptr == NULL) { - retval = ENOMEM; - goto cleanup; - } - krb5_princ_name(context, newp) = ptr; + if (ptr == NULL) { + retval = ENOMEM; + goto cleanup; + } + krb5_princ_name(context, newp) = ptr; - for(sam_ptr = sam_inst_map; sam_ptr->name; sam_ptr++) { - if (*sam_type && *sam_type != sam_ptr->sam_type) - continue; + for(sam_ptr = sam_inst_map; sam_ptr->name; sam_ptr++) { + if (*sam_type && *sam_type != sam_ptr->sam_type) + continue; - krb5_princ_component(context,newp,probeslot)->data = sam_ptr->name; - krb5_princ_component(context,newp,probeslot)->length = - strlen(sam_ptr->name); - retval = krb5_db_get_principal(context, newp, 0, &assoc); - if (!retval) - break; - } + krb5_princ_component(context,newp,probeslot)->data = sam_ptr->name; + krb5_princ_component(context,newp,probeslot)->length = + strlen(sam_ptr->name); + retval = krb5_db_get_principal(context, newp, 0, &assoc); + if (!retval) + break; + } cleanup: - if (ptr) { - krb5_princ_component(context,newp,probeslot)->data = 0; - krb5_princ_component(context,newp,probeslot)->length = 0; - krb5_free_principal(context, newp); - } - if (probeslot) - krb5_princ_size(context, newp)--; - if (retval) - return retval; - if (sam_ptr->sam_type) { - /* Found entry of type sam_ptr->sam_type */ - if (sam_type) - *sam_type = sam_ptr->sam_type; - if (db_entry) - *db_entry = assoc; - else - krb5_db_free_principal(context, assoc); - return 0; - } else { - return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; - } + if (ptr) { + krb5_princ_component(context,newp,probeslot)->data = 0; + krb5_princ_component(context,newp,probeslot)->length = 0; + krb5_free_principal(context, newp); + } + if (probeslot) + krb5_princ_size(context, newp)--; + if (retval) + return retval; + if (sam_ptr->sam_type) { + /* Found entry of type sam_ptr->sam_type */ + if (sam_type) + *sam_type = sam_ptr->sam_type; + if (db_entry) + *db_entry = assoc; + else + krb5_db_free_principal(context, assoc); + return 0; + } else { + return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; + } } static krb5_error_code @@ -247,14 +247,16 @@ kdc_verify_preauth(krb5_context context, struct _krb5_db_entry_new *client, break; } - /* - * It is up to the method-specific verify routine to set the ticket flags to - * indicate TKT_FLG_HW_AUTH and/or TKT_FLG_PRE_AUTH. Some methods may - * require more than one round of dialog with the client and must return - * successfully from their verify routine. If does not set the TGT flags, - * the required_preauth conditions will not be met and it will try again to - * get enough preauth data from the client. Do not set TGT flags here. - */ + /* + * It is up to the method-specific verify routine to set the + * ticket flags to indicate TKT_FLG_HW_AUTH and/or + * TKT_FLG_PRE_AUTH. Some methods may require more than one round + * of dialog with the client and must return successfully from + * their verify routine. If does not set the TGT flags, the + * required_preauth conditions will not be met and it will try + * again to get enough preauth data from the client. Do not set + * TGT flags here. + */ cleanup: /* * Note that e_data is an output even in error conditions. If we |