summaryrefslogtreecommitdiff
path: root/source4/heimdal/kdc/kerberos4.c
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2008-10-27 11:35:07 +0100
committerStefan Metzmacher <metze@samba.org>2008-10-28 08:53:09 +0100
commit2b29b7186459d945ec448694164bfe4239b30d72 (patch)
tree561495b1870facf03f7892559a184f4f49df1fe2 /source4/heimdal/kdc/kerberos4.c
parent698b7fd43658d9e96d28f26c9e1dae5e770bb57f (diff)
downloadsamba-2b29b7186459d945ec448694164bfe4239b30d72.tar.gz
s4: import lorikeet-heimdal-200810271034
metze
Diffstat (limited to 'source4/heimdal/kdc/kerberos4.c')
-rw-r--r--source4/heimdal/kdc/kerberos4.c132
1 files changed, 66 insertions, 66 deletions
diff --git a/source4/heimdal/kdc/kerberos4.c b/source4/heimdal/kdc/kerberos4.c
index 3e9a70057e4..2bd23839405 100644
--- a/source4/heimdal/kdc/kerberos4.c
+++ b/source4/heimdal/kdc/kerberos4.c
@@ -1,34 +1,34 @@
/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
*
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include "kdc_locl.h"
@@ -58,7 +58,7 @@ static void
make_err_reply(krb5_context context, krb5_data *reply,
int code, const char *msg)
{
- _krb5_krb_cr_err_reply(context, "", "", "",
+ _krb5_krb_cr_err_reply(context, "", "", "",
kdc_time, code, msg, reply);
}
@@ -106,8 +106,8 @@ _kdc_db_fetch4(krb5_context context,
ctx.config = config;
ctx.flags = flags;
-
- ret = krb5_425_conv_principal_ext2(context, name, instance, realm,
+
+ ret = krb5_425_conv_principal_ext2(context, name, instance, realm,
valid_princ, &ctx, 0, &p);
if(ret)
return ret;
@@ -125,7 +125,7 @@ _kdc_db_fetch4(krb5_context context,
*/
krb5_error_code
-_kdc_do_version4(krb5_context context,
+_kdc_do_version4(krb5_context context,
krb5_kdc_configuration *config,
unsigned char *buf,
size_t len,
@@ -193,7 +193,7 @@ _kdc_do_version4(krb5_context context,
kdc_log(context, config, 0, "AS-REQ (krb4) %s from %s for %s",
client_name, from, server_name);
- ret = _kdc_db_fetch4(context, config, name, inst, realm,
+ ret = _kdc_db_fetch4(context, config, name, inst, realm,
HDB_F_GET_CLIENT, &client);
if(ret) {
kdc_log(context, config, 0, "Client not found in database: %s: %s",
@@ -212,7 +212,7 @@ _kdc_do_version4(krb5_context context,
goto out1;
}
- ret = _kdc_check_flags (context, config,
+ ret = _kdc_check_flags (context, config,
client, client_name,
server, server_name,
TRUE);
@@ -254,7 +254,7 @@ _kdc_do_version4(krb5_context context,
ret = _kdc_get_des_key(context, client, FALSE, FALSE, &ckey);
if(ret){
kdc_log(context, config, 0, "no suitable DES key for client");
- make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
+ make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"no suitable DES key for client");
goto out1;
}
@@ -262,7 +262,7 @@ _kdc_do_version4(krb5_context context,
ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey);
if(ret){
kdc_log(context, config, 0, "no suitable DES key for server");
- make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
+ make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"no suitable DES key for server");
goto out1;
}
@@ -274,7 +274,7 @@ _kdc_do_version4(krb5_context context,
max_life = min(max_life, *server->entry.max_life);
life = krb_time_to_life(kdc_time, kdc_time + max_life);
-
+
ret = krb5_generate_random_keyblock(context,
ETYPE_DES_PCBC_NONE,
&session);
@@ -318,7 +318,7 @@ _kdc_do_version4(krb5_context context,
krb5_free_keyblock_contents(context, &session);
krb5_data_free(&ticket);
if (ret) {
- make_err_reply(context, reply, KFAILURE,
+ make_err_reply(context, reply, KFAILURE,
"Failed to create v4 cipher");
goto out1;
}
@@ -362,9 +362,9 @@ _kdc_do_version4(krb5_context context,
&tgt_princ);
if(ret){
kdc_log(context, config, 0,
- "Converting krbtgt principal (krb4): %s",
+ "Converting krbtgt principal (krb4): %s",
krb5_get_err_text(context, ret));
- make_err_reply(context, reply, KFAILURE,
+ make_err_reply(context, reply, KFAILURE,
"Failed to convert v4 principal (krbtgt)");
goto out2;
}
@@ -374,7 +374,7 @@ _kdc_do_version4(krb5_context context,
if(ret){
char *s;
s = kdc_log_msg(context, config, 0, "Ticket-granting ticket not "
- "found in database (krb4): krbtgt.%s@%s: %s",
+ "found in database (krb4): krbtgt.%s@%s: %s",
realm, config->v4_realm,
krb5_get_err_text(context, ret));
make_err_reply(context, reply, KFAILURE, s);
@@ -385,7 +385,7 @@ _kdc_do_version4(krb5_context context,
if(tgt->entry.kvno % 256 != kvno){
kdc_log(context, config, 0,
"tgs-req (krb4) with old kvno %d (current %d) for "
- "krbtgt.%s@%s", kvno, tgt->entry.kvno % 256,
+ "krbtgt.%s@%s", kvno, tgt->entry.kvno % 256,
realm, config->v4_realm);
make_err_reply(context, reply, KRB4ET_KDC_AUTH_EXP,
"old krbtgt kvno used");
@@ -394,9 +394,9 @@ _kdc_do_version4(krb5_context context,
ret = _kdc_get_des_key(context, tgt, TRUE, FALSE, &tkey);
if(ret){
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"no suitable DES key for krbtgt (krb4)");
- make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
+ make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"no suitable DES key for krbtgt");
goto out2;
}
@@ -414,7 +414,7 @@ _kdc_do_version4(krb5_context context,
else
address = 0;
- ret = _krb5_krb_rd_req(context, &auth, "krbtgt", realm,
+ ret = _krb5_krb_rd_req(context, &auth, "krbtgt", realm,
config->v4_realm,
address, &tkey->key, &ad);
if(ret){
@@ -440,15 +440,15 @@ _kdc_do_version4(krb5_context context,
client_name, from, server_name);
if(strcmp(ad.prealm, realm)){
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"Can't hop realms (krb4) %s -> %s", realm, ad.prealm);
- make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
+ make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
"Can't hop realms");
goto out2;
}
if (!config->enable_v4_cross_realm && strcmp(realm, config->v4_realm) != 0) {
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"krb4 Cross-realm %s -> %s disabled",
realm, config->v4_realm);
make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
@@ -457,9 +457,9 @@ _kdc_do_version4(krb5_context context,
}
if(strcmp(sname, "changepw") == 0){
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"Bad request for changepw ticket (krb4)");
- make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
+ make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
"Can't authorize password change based on TGT");
goto out2;
}
@@ -497,7 +497,7 @@ _kdc_do_version4(krb5_context context,
goto out2;
}
- ret = _kdc_check_flags (context, config,
+ ret = _kdc_check_flags (context, config,
client, client_name,
server, server_name,
FALSE);
@@ -509,9 +509,9 @@ _kdc_do_version4(krb5_context context,
ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey);
if(ret){
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"no suitable DES key for server (krb4)");
- make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
+ make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"no suitable DES key for server");
goto out2;
}
@@ -589,7 +589,7 @@ _kdc_do_version4(krb5_context context,
"failed to create v4 cipher");
goto out2;
}
-
+
ret = _krb5_krb_create_auth_reply(context,
ad.pname,
ad.pinst,
@@ -614,7 +614,7 @@ _kdc_do_version4(krb5_context context,
ret = EINVAL;
break;
default:
- kdc_log(context, config, 0, "Unknown message type (krb4): %d from %s",
+ kdc_log(context, config, 0, "Unknown message type (krb4): %d from %s",
msg_type, from);
make_err_reply(context, reply, KFAILURE, "Unknown message type");
@@ -640,7 +640,7 @@ _kdc_do_version4(krb5_context context,
}
krb5_error_code
-_kdc_encode_v4_ticket(krb5_context context,
+_kdc_encode_v4_ticket(krb5_context context,
krb5_kdc_configuration *config,
void *buf, size_t len, const EncTicketPart *et,
const PrincipalName *service, size_t *size)
@@ -656,7 +656,7 @@ _kdc_encode_v4_ticket(krb5_context context,
&princ,
*service,
et->crealm);
- ret = krb5_524_conv_principal(context,
+ ret = krb5_524_conv_principal(context,
princ,
sname,
sinst,
@@ -669,8 +669,8 @@ _kdc_encode_v4_ticket(krb5_context context,
&princ,
et->cname,
et->crealm);
-
- ret = krb5_524_conv_principal(context,
+
+ ret = krb5_524_conv_principal(context,
princ,
name,
inst,
@@ -681,7 +681,7 @@ _kdc_encode_v4_ticket(krb5_context context,
return ret;
sp = krb5_storage_emem();
-
+
krb5_store_int8(sp, 0); /* flags */
krb5_store_stringz(sp, name);
krb5_store_stringz(sp, inst);
@@ -702,11 +702,11 @@ _kdc_encode_v4_ticket(krb5_context context,
if((et->key.keytype != ETYPE_DES_CBC_MD5 &&
et->key.keytype != ETYPE_DES_CBC_MD4 &&
- et->key.keytype != ETYPE_DES_CBC_CRC) ||
+ et->key.keytype != ETYPE_DES_CBC_CRC) ||
et->key.keyvalue.length != 8)
return -1;
krb5_storage_write(sp, et->key.keyvalue.data, 8);
-
+
{
time_t start = et->starttime ? *et->starttime : et->authtime;
krb5_store_int8(sp, krb_time_to_life(start, et->endtime));
@@ -715,7 +715,7 @@ _kdc_encode_v4_ticket(krb5_context context,
krb5_store_stringz(sp, sname);
krb5_store_stringz(sp, sinst);
-
+
{
krb5_data data;
krb5_storage_to_data(sp, &data);
@@ -731,19 +731,19 @@ _kdc_encode_v4_ticket(krb5_context context,
}
krb5_error_code
-_kdc_get_des_key(krb5_context context,
- hdb_entry_ex *principal, krb5_boolean is_server,
+_kdc_get_des_key(krb5_context context,
+ hdb_entry_ex *principal, krb5_boolean is_server,
krb5_boolean prefer_afs_key, Key **ret_key)
{
Key *v5_key = NULL, *v4_key = NULL, *afs_key = NULL, *server_key = NULL;
int i;
- krb5_enctype etypes[] = { ETYPE_DES_CBC_MD5,
- ETYPE_DES_CBC_MD4,
+ krb5_enctype etypes[] = { ETYPE_DES_CBC_MD5,
+ ETYPE_DES_CBC_MD4,
ETYPE_DES_CBC_CRC };
for(i = 0;
i < sizeof(etypes)/sizeof(etypes[0])
- && (v5_key == NULL || v4_key == NULL ||
+ && (v5_key == NULL || v4_key == NULL ||
afs_key == NULL || server_key == NULL);
++i) {
Key *key = NULL;
@@ -751,7 +751,7 @@ _kdc_get_des_key(krb5_context context,
if(key->salt == NULL) {
if(v5_key == NULL)
v5_key = key;
- } else if(key->salt->type == hdb_pw_salt &&
+ } else if(key->salt->type == hdb_pw_salt &&
key->salt->salt.length == 0) {
if(v4_key == NULL)
v4_key = key;