diff options
| author | Sam Hartman <hartmans@mit.edu> | 2009-12-28 17:11:01 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 2009-12-28 17:11:01 +0000 |
| commit | 008a1ff2e7baf6a03ccdeb4b2b58d3e75e7cefa4 (patch) | |
| tree | 141dea1a22c3e9ce7568fe22923b709f11d9f487 | |
| parent | ba5014c6e89edbe3b2f52d39740d514fd792e1a9 (diff) | |
| download | krb5-anonymous.tar.gz | |
make reindentanonymous
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/anonymous@23526 dc483132-0cff-0310-8789-dd5450dbe970
| -rw-r--r-- | src/include/k5-int.h | 2 | ||||
| -rw-r--r-- | src/include/krb5/krb5.hin | 2 | ||||
| -rw-r--r-- | src/kadmin/cli/kadmin.c | 6 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/import_name.c | 2 | ||||
| -rw-r--r-- | src/lib/kadm5/admin.h | 10 | ||||
| -rw-r--r-- | src/lib/kadm5/clnt/client_init.c | 18 | ||||
| -rw-r--r-- | src/lib/kadm5/srv/server_init.c | 12 | ||||
| -rw-r--r-- | src/lib/krb5/krb/get_in_tkt.c | 16 | ||||
| -rw-r--r-- | src/lib/krb5/krb/gic_opt.c | 5 | ||||
| -rw-r--r-- | src/plugins/preauth/pkinit/pkinit_clnt.c | 8 | ||||
| -rw-r--r-- | src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 4 | ||||
| -rw-r--r-- | src/plugins/preauth/pkinit/pkinit_srv.c | 96 |
12 files changed, 90 insertions, 91 deletions
diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 1f6210936..a70eae9c5 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -1527,7 +1527,7 @@ void KRB5_CALLCONV krb5_free_priv_enc_part(krb5_context, krb5_priv_enc_part *); /* allow either constructed or primitive encoding, so check for bit 6 set or reset */ #define krb5int_is_app_tag(dat,tag) \ - ((dat != NULL) && (dat)->length && \ + ((dat != NULL) && (dat)->length && \ ((((dat)->data[0] & ~0x20) == ((tag) | 0x40)))) #define krb5_is_krb_ticket(dat) krb5int_is_app_tag(dat, 1) #define krb5_is_krb_authenticator(dat) krb5int_is_app_tag(dat, 2) diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index 6d8b7217b..db01220ae 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -939,7 +939,7 @@ krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype, #define TKT_FLG_TRANSIT_POLICY_CHECKED 0x00080000 #define TKT_FLG_OK_AS_DELEGATE 0x00040000 #define TKT_FLG_ENC_PA_REP 0x00010000 - #define TKT_FLG_ANONYMOUS 0x00008000 +#define TKT_FLG_ANONYMOUS 0x00008000 /* #define TKT_FLG_RESERVED 0x00004000 */ /* #define TKT_FLG_RESERVED 0x00002000 */ /* #define TKT_FLG_RESERVED 0x00001000 */ diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c index 767730163..1bcf891ed 100644 --- a/src/kadmin/cli/kadmin.c +++ b/src/kadmin/cli/kadmin.c @@ -299,7 +299,7 @@ kadmin_startup(int argc, char *argv[]) case 'n': use_anonymous++; break; - case 't': + case 't': keytab_name = optarg; break; case 'w': @@ -496,8 +496,8 @@ kadmin_startup(int argc, char *argv[]) printf("Authenticating as principal %s with password; anonymous requested.\n", princstr); retval = kadm5_init_anonymous(context, princstr, svcname, ¶ms, - KADM5_STRUCT_VERSION, - KADM5_API_VERSION_3, db_args, &handle); + KADM5_STRUCT_VERSION, + KADM5_API_VERSION_3, db_args, &handle); } else if (use_keytab) { if (keytab_name) printf("Authenticating as principal %s with keytab %s.\n", diff --git a/src/lib/gssapi/krb5/import_name.c b/src/lib/gssapi/krb5/import_name.c index 57282d916..cfb75fb22 100644 --- a/src/lib/gssapi/krb5/import_name.c +++ b/src/lib/gssapi/krb5/import_name.c @@ -161,7 +161,7 @@ krb5_gss_import_name(minor_status, input_name_buffer, krb5_free_context(context); *minor_status = code; return GSS_S_FAILURE; - } + } } else { #ifndef NO_PASSWORD diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h index 653b2cf52..8fad11177 100644 --- a/src/lib/kadm5/admin.h +++ b/src/lib/kadm5/admin.h @@ -339,11 +339,11 @@ kadm5_ret_t kadm5_init(krb5_context context, char *client_name, char **db_args, void **server_handle); kadm5_ret_t kadm5_init_anonymous(krb5_context context, char *client_name, - char *service_name, - kadm5_config_params *params, - krb5_ui_4 struct_version, - krb5_ui_4 api_version, - char **db_args, + char *service_name, + kadm5_config_params *params, + krb5_ui_4 struct_version, + krb5_ui_4 api_version, + char **db_args, void **server_handle); kadm5_ret_t kadm5_init_with_password(krb5_context context, char *client_name, diff --git a/src/lib/kadm5/clnt/client_init.c b/src/lib/kadm5/clnt/client_init.c index c9b53b4e1..82033e9fd 100644 --- a/src/lib/kadm5/clnt/client_init.c +++ b/src/lib/kadm5/clnt/client_init.c @@ -130,12 +130,12 @@ kadm5_ret_t kadm5_init_with_password(krb5_context context, char *client_name, } kadm5_ret_t kadm5_init_anonymous(krb5_context context, char *client_name, - char *service_name, - kadm5_config_params *params, - krb5_ui_4 struct_version, - krb5_ui_4 api_version, - char **db_args, - void **server_handle) + char *service_name, + kadm5_config_params *params, + krb5_ui_4 struct_version, + krb5_ui_4 api_version, + char **db_args, + void **server_handle) { return _kadm5_init_any(context, client_name, INIT_ANONYMOUS, NULL, NULL, service_name, params, struct_version, @@ -573,7 +573,7 @@ kadm5_gic_iter(kadm5_server_handle_t handle, krb5_get_init_creds_opt_set_out_ccache(ctx, opt, ccache); if (init_type == INIT_ANONYMOUS) krb5_get_init_creds_opt_set_anonymous(opt, 1); - } + } if (init_type == INIT_PASS || init_type == INIT_ANONYMOUS) { code = krb5_get_init_creds_password(ctx, &outcreds, client, pass, @@ -660,8 +660,8 @@ kadm5_setup_gss(kadm5_server_handle_t handle, if (client_name) { buf.value = client_name; buf.length = strlen((char *)buf.value) + 1; - gssstat = gss_import_name(&minor_stat, &buf, - (gss_OID) gss_nt_krb5_name, &gss_client); + gssstat = gss_import_name(&minor_stat, &buf, + (gss_OID) gss_nt_krb5_name, &gss_client); } else gss_client = GSS_C_NO_NAME; if (gssstat != GSS_S_COMPLETE) { diff --git a/src/lib/kadm5/srv/server_init.c b/src/lib/kadm5/srv/server_init.c index 1941d93c1..557ef0ad4 100644 --- a/src/lib/kadm5/srv/server_init.c +++ b/src/lib/kadm5/srv/server_init.c @@ -105,12 +105,12 @@ kadm5_ret_t kadm5_init_with_password(krb5_context context, char *client_name, } kadm5_ret_t kadm5_init_anonymous(krb5_context context, char *client_name, - char *service_name, - kadm5_config_params *params, - krb5_ui_4 struct_version, - krb5_ui_4 api_version, - char **db_args, - void **server_handle) + char *service_name, + kadm5_config_params *params, + krb5_ui_4 struct_version, + krb5_ui_4 api_version, + char **db_args, + void **server_handle) { return kadm5_init(context, client_name, NULL, service_name, params, struct_version, api_version, db_args, diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index f20ba54b3..ac1dce3fa 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -376,7 +376,7 @@ verify_as_reply(krb5_context context, IS_TGS_PRINC(context, as_reply->enc_part2->server); if ((!canon_ok ) && (request->kdc_options &KDC_OPT_REQUEST_ANONYMOUS)) canon_ok = krb5_principal_compare_any_realm(context, as_reply->client, - krb5_anonymous_principal()); + krb5_anonymous_principal()); } else canon_ok = 0; @@ -1605,17 +1605,17 @@ krb5_init_creds_init(krb5_context context, if (client->length == 1 && client->data[0].length ==0) { krb5_principal new_client; code = krb5_build_principal_ext(context, &new_client, client->realm.length, - client->realm.data, - strlen(KRB5_WELLKNOWN_NAMESTR), - KRB5_WELLKNOWN_NAMESTR, - strlen(KRB5_ANONYMOUS_PRINCSTR), - KRB5_ANONYMOUS_PRINCSTR, - 0); + client->realm.data, + strlen(KRB5_WELLKNOWN_NAMESTR), + KRB5_WELLKNOWN_NAMESTR, + strlen(KRB5_ANONYMOUS_PRINCSTR), + KRB5_ANONYMOUS_PRINCSTR, + 0); if (code) goto cleanup; krb5_free_principal(context, ctx->request->client); ctx->request->client = new_client; - krb5_princ_type(context, ctx->request->client) = KRB5_NT_WELLKNOWN; + krb5_princ_type(context, ctx->request->client) = KRB5_NT_WELLKNOWN; } } /*We will also handle anonymous if the input principal is the anonymous principal*/ diff --git a/src/lib/krb5/krb/gic_opt.c b/src/lib/krb5/krb/gic_opt.c index 6a7809f10..d92e05692 100644 --- a/src/lib/krb5/krb/gic_opt.c +++ b/src/lib/krb5/krb/gic_opt.c @@ -525,7 +525,7 @@ krb5_get_init_creds_opt_set_fast_flags(krb5_context context, if (retval) return retval; opte->opt_private->fast_flags = flags; - return retval; + return retval; } krb5_error_code KRB5_CALLCONV @@ -543,6 +543,5 @@ krb5_get_init_creds_opt_get_fast_flags(krb5_context context, if (retval) return retval; *out_flags = opte->opt_private->fast_flags; - return retval; + return retval; } - diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c index 80c55c944..8f17f7e4a 100644 --- a/src/plugins/preauth/pkinit/pkinit_clnt.c +++ b/src/plugins/preauth/pkinit/pkinit_clnt.c @@ -353,10 +353,10 @@ pkinit_as_req_create(krb5_context context, reqctx->cryptoctx, reqctx->idctx, CMS_SIGN_CLIENT, (unsigned char *)coded_auth_pack->data, coded_auth_pack->length, &req->signedAuthPack.data, &req->signedAuthPack.length); - else retval = cms_signeddata_create(context, plgctx->cryptoctx, - reqctx->cryptoctx, reqctx->idctx, CMS_SIGN_CLIENT, 1, - (unsigned char *)coded_auth_pack->data, coded_auth_pack->length, - &req->signedAuthPack.data, &req->signedAuthPack.length); + else retval = cms_signeddata_create(context, plgctx->cryptoctx, + reqctx->cryptoctx, reqctx->idctx, CMS_SIGN_CLIENT, 1, + (unsigned char *)coded_auth_pack->data, coded_auth_pack->length, + &req->signedAuthPack.data, &req->signedAuthPack.length); #ifdef DEBUG_ASN1 print_buffer_bin((unsigned char *)req->signedAuthPack.data, req->signedAuthPack.length, diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c index fc1b1bc38..887ec0627 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c @@ -1122,7 +1122,7 @@ cms_signeddata_verify(krb5_context context, unsigned char **authz_data, unsigned int *authz_data_len, int *is_signed) - { +{ krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED; PKCS7 *p7 = NULL; BIO *out = NULL; @@ -1190,7 +1190,7 @@ cms_signeddata_verify(krb5_context context, OBJ_obj2nid(p7->type)); krb5_set_error_message(context, retval, "wrong oid\n"); goto cleanup; - } + } /* setup to verify X509 certificate used to sign PKCS7 message */ if (!(store = X509_STORE_new())) diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c index 76330353b..34700ad18 100644 --- a/src/plugins/preauth/pkinit/pkinit_srv.c +++ b/src/plugins/preauth/pkinit/pkinit_srv.c @@ -603,55 +603,55 @@ return_pkinit_kx( krb5_context context, krb5_kdc_req *request, krb5_kdc_rep *rep krb5_pa_data *pa = NULL; krb5_enc_data enc; krb5_data *scratch = NULL; - *out_padata = NULL; - enc.ciphertext.data = NULL; - if (!krb5_principal_compare(context, request->client, - krb5_anonymous_principal())) - return 0; - /* - *The KDC contribution key needs to be a fresh key of an - *enctype supported by the client and server. The existing - *session key meets these requirements so we use itt. - */ - ret = krb5_c_fx_cf2_simple(context, session, "PKINIT", - encrypting_key, "KEYEXCHANGE", - &new_session); - if (ret) - goto cleanup; - ret = encode_krb5_encryption_key( session, &scratch); - if (ret) - goto cleanup; - ret = krb5_encrypt_helper( context, encrypting_key, KRB5_KEYUSAGE_PA_PKINIT_KX, - scratch, &enc); - if (ret) - goto cleanup; - memset(scratch->data, 0, scratch->length); - krb5_free_data(context, scratch); - scratch = NULL; - ret = encode_krb5_enc_data(&enc, &scratch); - if (ret) - goto cleanup; - pa = malloc(sizeof(krb5_pa_data)); - if (pa == NULL) { - ret = ENOMEM; - goto cleanup; - } - if (ret) - goto cleanup; - pa->pa_type = KRB5_PADATA_PKINIT_KX; - pa->length = scratch->length; - pa->contents = (krb5_octet *) scratch->data; - *out_padata = pa; - scratch->data = NULL; - memset(session->contents, 0, session->length); - krb5_free_keyblock_contents(context, session); - *session = *new_session; - new_session->contents = NULL; + *out_padata = NULL; + enc.ciphertext.data = NULL; + if (!krb5_principal_compare(context, request->client, + krb5_anonymous_principal())) + return 0; + /* + *The KDC contribution key needs to be a fresh key of an + *enctype supported by the client and server. The existing + *session key meets these requirements so we use itt. + */ + ret = krb5_c_fx_cf2_simple(context, session, "PKINIT", + encrypting_key, "KEYEXCHANGE", + &new_session); + if (ret) + goto cleanup; + ret = encode_krb5_encryption_key( session, &scratch); + if (ret) + goto cleanup; + ret = krb5_encrypt_helper( context, encrypting_key, KRB5_KEYUSAGE_PA_PKINIT_KX, + scratch, &enc); + if (ret) + goto cleanup; + memset(scratch->data, 0, scratch->length); + krb5_free_data(context, scratch); + scratch = NULL; + ret = encode_krb5_enc_data(&enc, &scratch); + if (ret) + goto cleanup; + pa = malloc(sizeof(krb5_pa_data)); + if (pa == NULL) { + ret = ENOMEM; + goto cleanup; + } + if (ret) + goto cleanup; + pa->pa_type = KRB5_PADATA_PKINIT_KX; + pa->length = scratch->length; + pa->contents = (krb5_octet *) scratch->data; + *out_padata = pa; + scratch->data = NULL; + memset(session->contents, 0, session->length); + krb5_free_keyblock_contents(context, session); + *session = *new_session; + new_session->contents = NULL; cleanup: - krb5_free_data_contents(context, &enc.ciphertext); - krb5_free_keyblock(context, new_session); - krb5_free_data(context, scratch); - return ret; + krb5_free_data_contents(context, &enc.ciphertext); + krb5_free_keyblock(context, new_session); + krb5_free_data(context, scratch); + return ret; } static krb5_error_code |