diff options
author | Günther Deschner <gd@samba.org> | 2007-02-27 13:31:42 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:18:13 -0500 |
commit | 4e00351fd426e6c016fd433887f62deda632f0aa (patch) | |
tree | bd3384464a685b748d3000a96b1908ea6886cada /source3/libads/kerberos_verify.c | |
parent | 59e8bd617b921166edc86b01e522f5ef81fc06f7 (diff) | |
download | samba-4e00351fd426e6c016fd433887f62deda632f0aa.tar.gz samba-4e00351fd426e6c016fd433887f62deda632f0aa.tar.bz2 samba-4e00351fd426e6c016fd433887f62deda632f0aa.zip |
r21558: Safe more indent, again no code changes.
Guenther
(This used to be commit 7b18a4730d61c04867fc11df8980943d422589d8)
Diffstat (limited to 'source3/libads/kerberos_verify.c')
-rw-r--r-- | source3/libads/kerberos_verify.c | 74 |
1 files changed, 37 insertions, 37 deletions
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c index 72b6ac34e9..2c114b1240 100644 --- a/source3/libads/kerberos_verify.c +++ b/source3/libads/kerberos_verify.c @@ -96,44 +96,44 @@ static BOOL ads_keytab_verify_ticket(krb5_context context, krb5_auth_context aut goto out; } - for (i = 0; i < sizeof(valid_princ_formats) / sizeof(valid_princ_formats[0]); i++) { - if (strequal(entry_princ_s, valid_princ_formats[i])) { - number_matched_principals++; - p_packet->length = ticket->length; - p_packet->data = (char *)ticket->data; - *pp_tkt = NULL; - - ret = krb5_rd_req_return_keyblock_from_keytab(context, &auth_context, p_packet, - kt_entry.principal, keytab, - NULL, pp_tkt, keyblock); - - if (ret) { - DEBUG(10,("ads_keytab_verify_ticket: " - "krb5_rd_req_return_keyblock_from_keytab(%s) failed: %s\n", - entry_princ_s, error_message(ret))); - - /* workaround for MIT: - * as krb5_ktfile_get_entry will - * explicitly close the - * krb5_keytab as soon as - * krb5_rd_req has sucessfully - * decrypted the ticket but the - * ticket is not valid yet (due - * to clockskew) there is no - * point in querying more - * keytab entries - Guenther */ - - if (ret == KRB5KRB_AP_ERR_TKT_NYV || - ret == KRB5KRB_AP_ERR_TKT_EXPIRED) { - break; - } - } else { - DEBUG(3,("ads_keytab_verify_ticket: " - "krb5_rd_req_return_keyblock_from_keytab succeeded for principal %s\n", - entry_princ_s)); - auth_ok = True; + for (i = 0; i < ARRAY_SIZE(valid_princ_formats); i++) { + + if (!strequal(entry_princ_s, valid_princ_formats[i])) { + continue; + } + + number_matched_principals++; + p_packet->length = ticket->length; + p_packet->data = (char *)ticket->data; + *pp_tkt = NULL; + + ret = krb5_rd_req_return_keyblock_from_keytab(context, &auth_context, p_packet, + kt_entry.principal, keytab, + NULL, pp_tkt, keyblock); + + if (ret) { + DEBUG(10,("ads_keytab_verify_ticket: " + "krb5_rd_req_return_keyblock_from_keytab(%s) failed: %s\n", + entry_princ_s, error_message(ret))); + + /* workaround for MIT: + * as krb5_ktfile_get_entry will explicitly + * close the krb5_keytab as soon as krb5_rd_req + * has sucessfully decrypted the ticket but the + * ticket is not valid yet (due to clockskew) + * there is no point in querying more keytab + * entries - Guenther */ + + if (ret == KRB5KRB_AP_ERR_TKT_NYV || + ret == KRB5KRB_AP_ERR_TKT_EXPIRED) { break; } + } else { + DEBUG(3,("ads_keytab_verify_ticket: " + "krb5_rd_req_return_keyblock_from_keytab succeeded for principal %s\n", + entry_princ_s)); + auth_ok = True; + break; } } @@ -150,7 +150,7 @@ static BOOL ads_keytab_verify_ticket(krb5_context context, krb5_auth_context aut out: - for (i = 0; i < sizeof(valid_princ_formats) / sizeof(valid_princ_formats[0]); i++) { + for (i = 0; i < ARRAY_SIZE(valid_princ_formats); i++) { SAFE_FREE(valid_princ_formats[i]); } |