summaryrefslogtreecommitdiffstats
path: root/src/plugins/preauth/securid_sam2
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins/preauth/securid_sam2')
-rw-r--r--src/plugins/preauth/securid_sam2/securid2.c22
-rw-r--r--src/plugins/preauth/securid_sam2/securid_sam2_main.c92
2 files changed, 58 insertions, 56 deletions
diff --git a/src/plugins/preauth/securid_sam2/securid2.c b/src/plugins/preauth/securid_sam2/securid2.c
index be6a32b4a..816946eeb 100644
--- a/src/plugins/preauth/securid_sam2/securid2.c
+++ b/src/plugins/preauth/securid_sam2/securid2.c
@@ -363,11 +363,11 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client,
if ((sr2->sam_enc_nonce_or_sad.ciphertext.data == NULL) ||
(sr2->sam_enc_nonce_or_sad.ciphertext.length <= 0)) {
- retval = KRB5KDC_ERR_PREAUTH_FAILED;
- krb5_set_error_message(context, retval,
- "No preauth data supplied in "
- "verify_securid_data_2 (%s)", user);
- goto cleanup;
+ retval = KRB5KDC_ERR_PREAUTH_FAILED;
+ krb5_set_error_message(context, retval,
+ "No preauth data supplied in "
+ "verify_securid_data_2 (%s)", user);
+ goto cleanup;
}
retval = krb5_dbe_find_enctype(context, client,
@@ -463,7 +463,7 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client,
com_err("krb5kdc", retval,
"while decrypting SecurID trackID in "
"verify_securid_data_2 (%s)", user);
- goto cleanup;
+ goto cleanup;
}
if (track_id_data.length < sizeof (struct securid_track_data)) {
retval = KRB5KDC_ERR_PREAUTH_FAILED;
@@ -682,11 +682,11 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client,
retval = securid_encrypt_track_data_2(context, client, &tmp_data,
&sc2b.sam_track_id);
if (retval) {
- com_err("krb5kdc", retval,
- "while encrypting SecurID track "
- "data for SAM_CHALLENGE_2 (%s)",
- securid_user);
- goto cleanup;
+ com_err("krb5kdc", retval,
+ "while encrypting SecurID track "
+ "data for SAM_CHALLENGE_2 (%s)",
+ securid_user);
+ goto cleanup;
}
retval = securid_make_sam_challenge_2_and_cksum(context, sc2p,
&sc2b,
diff --git a/src/plugins/preauth/securid_sam2/securid_sam2_main.c b/src/plugins/preauth/securid_sam2/securid_sam2_main.c
index 6bc65e85e..0c420d226 100644
--- a/src/plugins/preauth/securid_sam2/securid_sam2_main.c
+++ b/src/plugins/preauth/securid_sam2/securid_sam2_main.c
@@ -61,7 +61,7 @@ sam_get_db_entry(krb5_context context, krb5_principal client,
krb5_error_code retval;
if (db_entry)
- *db_entry = NULL;
+ *db_entry = NULL;
retval = krb5_copy_principal(context, client, &newp);
if (retval) {
com_err("krb5kdc", retval, "copying client name for preauth probe");
@@ -71,45 +71,45 @@ sam_get_db_entry(krb5_context context, krb5_principal client,
probeslot = krb5_princ_size(context, newp)++;
ptr = realloc(krb5_princ_name(context, newp),
krb5_princ_size(context, newp) * sizeof(krb5_data));
- if (ptr == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- krb5_princ_name(context, newp) = ptr;
+ if (ptr == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ krb5_princ_name(context, newp) = ptr;
- for(sam_ptr = sam_inst_map; sam_ptr->name; sam_ptr++) {
- if (*sam_type && *sam_type != sam_ptr->sam_type)
- continue;
+ for(sam_ptr = sam_inst_map; sam_ptr->name; sam_ptr++) {
+ if (*sam_type && *sam_type != sam_ptr->sam_type)
+ continue;
- krb5_princ_component(context,newp,probeslot)->data = sam_ptr->name;
- krb5_princ_component(context,newp,probeslot)->length =
- strlen(sam_ptr->name);
- retval = krb5_db_get_principal(context, newp, 0, &assoc);
- if (!retval)
- break;
- }
+ krb5_princ_component(context,newp,probeslot)->data = sam_ptr->name;
+ krb5_princ_component(context,newp,probeslot)->length =
+ strlen(sam_ptr->name);
+ retval = krb5_db_get_principal(context, newp, 0, &assoc);
+ if (!retval)
+ break;
+ }
cleanup:
- if (ptr) {
- krb5_princ_component(context,newp,probeslot)->data = 0;
- krb5_princ_component(context,newp,probeslot)->length = 0;
- krb5_free_principal(context, newp);
- }
- if (probeslot)
- krb5_princ_size(context, newp)--;
- if (retval)
- return retval;
- if (sam_ptr->sam_type) {
- /* Found entry of type sam_ptr->sam_type */
- if (sam_type)
- *sam_type = sam_ptr->sam_type;
- if (db_entry)
- *db_entry = assoc;
- else
- krb5_db_free_principal(context, assoc);
- return 0;
- } else {
- return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
- }
+ if (ptr) {
+ krb5_princ_component(context,newp,probeslot)->data = 0;
+ krb5_princ_component(context,newp,probeslot)->length = 0;
+ krb5_free_principal(context, newp);
+ }
+ if (probeslot)
+ krb5_princ_size(context, newp)--;
+ if (retval)
+ return retval;
+ if (sam_ptr->sam_type) {
+ /* Found entry of type sam_ptr->sam_type */
+ if (sam_type)
+ *sam_type = sam_ptr->sam_type;
+ if (db_entry)
+ *db_entry = assoc;
+ else
+ krb5_db_free_principal(context, assoc);
+ return 0;
+ } else {
+ return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+ }
}
static krb5_error_code
@@ -247,14 +247,16 @@ kdc_verify_preauth(krb5_context context, struct _krb5_db_entry_new *client,
break;
}
- /*
- * It is up to the method-specific verify routine to set the ticket flags to
- * indicate TKT_FLG_HW_AUTH and/or TKT_FLG_PRE_AUTH. Some methods may
- * require more than one round of dialog with the client and must return
- * successfully from their verify routine. If does not set the TGT flags,
- * the required_preauth conditions will not be met and it will try again to
- * get enough preauth data from the client. Do not set TGT flags here.
- */
+ /*
+ * It is up to the method-specific verify routine to set the
+ * ticket flags to indicate TKT_FLG_HW_AUTH and/or
+ * TKT_FLG_PRE_AUTH. Some methods may require more than one round
+ * of dialog with the client and must return successfully from
+ * their verify routine. If does not set the TGT flags, the
+ * required_preauth conditions will not be met and it will try
+ * again to get enough preauth data from the client. Do not set
+ * TGT flags here.
+ */
cleanup:
/*
* Note that e_data is an output even in error conditions. If we
generated by cgit (git 2.34.1) at 2024-07-03 23:46:32 +0000