Diffstat (limited to 'source4/heimdal/kdc')
-rw-r--r--source4/heimdal/kdc/524.c94
-rw-r--r--source4/heimdal/kdc/default_config.c150
-rw-r--r--source4/heimdal/kdc/digest.c220
-rw-r--r--source4/heimdal/kdc/headers.h54
-rw-r--r--source4/heimdal/kdc/kaserver.c86
-rw-r--r--source4/heimdal/kdc/kdc.h58
-rw-r--r--source4/heimdal/kdc/kdc_locl.h54
-rw-r--r--source4/heimdal/kdc/kerberos4.c132
-rw-r--r--source4/heimdal/kdc/kerberos5.c340
-rw-r--r--source4/heimdal/kdc/krb5tgs.c50
-rw-r--r--source4/heimdal/kdc/kx509.c92
-rw-r--r--source4/heimdal/kdc/log.c58
-rw-r--r--source4/heimdal/kdc/misc.c56
-rw-r--r--source4/heimdal/kdc/pkinit.c218
-rw-r--r--source4/heimdal/kdc/process.c72
-rw-r--r--source4/heimdal/kdc/rx.h50
-rw-r--r--source4/heimdal/kdc/windc.c60
-rw-r--r--source4/heimdal/kdc/windc_plugin.h58
18 files changed, 951 insertions, 951 deletions
diff --git a/source4/heimdal/kdc/524.c b/source4/heimdal/kdc/524.c
index a46c9175b0..d15310384a 100644
--- a/source4/heimdal/kdc/524.c
+++ b/source4/heimdal/kdc/524.c
@@ -1,34 +1,34 @@
/*
- * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
+ * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
*
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include "kdc_locl.h"
@@ -43,7 +43,7 @@ RCSID("$Id$");
*/
static krb5_error_code
-fetch_server (krb5_context context,
+fetch_server (krb5_context context,
krb5_kdc_configuration *config,
const Ticket *t,
char **spn,
@@ -67,7 +67,7 @@ fetch_server (krb5_context context,
krb5_get_err_text(context, ret));
return ret;
}
- ret = _kdc_db_fetch(context, config, sprinc, HDB_F_GET_SERVER,
+ ret = _kdc_db_fetch(context, config, sprinc, HDB_F_GET_SERVER,
NULL, server);
krb5_free_principal(context, sprinc);
if (ret) {
@@ -82,7 +82,7 @@ fetch_server (krb5_context context,
}
static krb5_error_code
-log_524 (krb5_context context,
+log_524 (krb5_context context,
krb5_kdc_configuration *config,
const EncTicketPart *et,
const char *from,
@@ -92,7 +92,7 @@ log_524 (krb5_context context,
char *cpn;
krb5_error_code ret;
- ret = _krb5_principalname2krb5_principal(context, &client,
+ ret = _krb5_principalname2krb5_principal(context, &client,
et->cname, et->crealm);
if (ret) {
kdc_log(context, config, 0, "_krb5_principalname2krb5_principal: %s",
@@ -113,7 +113,7 @@ log_524 (krb5_context context,
}
static krb5_error_code
-verify_flags (krb5_context context,
+verify_flags (krb5_context context,
krb5_kdc_configuration *config,
const EncTicketPart *et,
const char *spn)
@@ -135,7 +135,7 @@ verify_flags (krb5_context context,
*/
static krb5_error_code
-set_address (krb5_context context,
+set_address (krb5_context context,
krb5_kdc_configuration *config,
EncTicketPart *et,
struct sockaddr *addr,
@@ -154,7 +154,7 @@ set_address (krb5_context context,
kdc_log(context, config, 0, "Failed to convert address (%s)", from);
return ret;
}
-
+
if (et->caddr && !krb5_address_search (context, v4_addr, et->caddr)) {
kdc_log(context, config, 0, "Incorrect network address (%s)", from);
krb5_free_address(context, v4_addr);
@@ -187,11 +187,11 @@ set_address (krb5_context context,
static krb5_error_code
-encrypt_v4_ticket(krb5_context context,
+encrypt_v4_ticket(krb5_context context,
krb5_kdc_configuration *config,
- void *buf,
- size_t len,
- krb5_keyblock *skey,
+ void *buf,
+ size_t len,
+ krb5_keyblock *skey,
EncryptedData *reply)
{
krb5_crypto crypto;
@@ -204,7 +204,7 @@ encrypt_v4_ticket(krb5_context context,
return ret;
}
- ret = krb5_encrypt_EncryptedData(context,
+ ret = krb5_encrypt_EncryptedData(context,
crypto,
KRB5_KU_TICKET,
buf,
@@ -221,10 +221,10 @@ encrypt_v4_ticket(krb5_context context,
}
static krb5_error_code
-encode_524_response(krb5_context context,
+encode_524_response(krb5_context context,
krb5_kdc_configuration *config,
const char *spn, const EncTicketPart et,
- const Ticket *t, hdb_entry_ex *server,
+ const Ticket *t, hdb_entry_ex *server,
EncryptedData *ticket, int *kvno)
{
krb5_error_code ret;
@@ -233,12 +233,12 @@ encode_524_response(krb5_context context,
use_2b = krb5_config_get_bool(context, NULL, "kdc", "use_2b", spn, NULL);
if(use_2b) {
- ASN1_MALLOC_ENCODE(EncryptedData,
- ticket->cipher.data, ticket->cipher.length,
+ ASN1_MALLOC_ENCODE(EncryptedData,
+ ticket->cipher.data, ticket->cipher.length,
&t->enc_part, &len, ret);
if (ret) {
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"Failed to encode v4 (2b) ticket (%s)", spn);
return ret;
}
@@ -256,7 +256,7 @@ encode_524_response(krb5_context context,
return KRB5KDC_ERR_POLICY;
}
- ret = _kdc_encode_v4_ticket(context, config,
+ ret = _kdc_encode_v4_ticket(context, config,
buf + sizeof(buf) - 1, sizeof(buf),
&et, &t->sname, &len);
if(ret){
@@ -270,7 +270,7 @@ encode_524_response(krb5_context context,
"no suitable DES key for server (%s)", spn);
return ret;
}
- ret = encrypt_v4_ticket(context, config, buf + sizeof(buf) - len, len,
+ ret = encrypt_v4_ticket(context, config, buf + sizeof(buf) - len, len,
&skey->key, ticket);
if(ret){
kdc_log(context, config, 0,
@@ -289,7 +289,7 @@ encode_524_response(krb5_context context,
*/
krb5_error_code
-_kdc_do_524(krb5_context context,
+_kdc_do_524(krb5_context context,
krb5_kdc_configuration *config,
const Ticket *t, krb5_data *reply,
const char *from, struct sockaddr *addr)
@@ -306,7 +306,7 @@ _kdc_do_524(krb5_context context,
unsigned char buf[MAX_KTXT_LEN + 4 * 4];
size_t len;
int kvno = 0;
-
+
if(!config->enable_524) {
ret = KRB5KDC_ERR_POLICY;
kdc_log(context, config, 0,
@@ -342,7 +342,7 @@ _kdc_do_524(krb5_context context,
"Failed to decrypt ticket from %s for %s", from, spn);
goto out;
}
- ret = krb5_decode_EncTicketPart(context, et_data.data, et_data.length,
+ ret = krb5_decode_EncTicketPart(context, et_data.data, et_data.length,
&et, &len);
krb5_data_free(&et_data);
if(ret){
diff --git a/source4/heimdal/kdc/default_config.c b/source4/heimdal/kdc/default_config.c
index 87952ca6eb..60fbc92903 100644
--- a/source4/heimdal/kdc/default_config.c
+++ b/source4/heimdal/kdc/default_config.c
@@ -1,35 +1,35 @@
/*
- * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
+ * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
*
- * All rights reserved.
+ * All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
*
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include "kdc_locl.h"
@@ -68,32 +68,32 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
c->logf = NULL;
c->require_preauth =
- krb5_config_get_bool_default(context, NULL,
+ krb5_config_get_bool_default(context, NULL,
c->require_preauth,
"kdc", "require-preauth", NULL);
- c->enable_v4 =
- krb5_config_get_bool_default(context, NULL,
- c->enable_v4,
+ c->enable_v4 =
+ krb5_config_get_bool_default(context, NULL,
+ c->enable_v4,
"kdc", "enable-kerberos4", NULL);
c->enable_v4_cross_realm =
krb5_config_get_bool_default(context, NULL,
- c->enable_v4_cross_realm,
+ c->enable_v4_cross_realm,
"kdc",
"enable-kerberos4-cross-realm", NULL);
c->enable_524 =
- krb5_config_get_bool_default(context, NULL,
- c->enable_v4,
+ krb5_config_get_bool_default(context, NULL,
+ c->enable_v4,
"kdc", "enable-524", NULL);
- c->enable_digest =
- krb5_config_get_bool_default(context, NULL,
+ c->enable_digest =
+ krb5_config_get_bool_default(context, NULL,
FALSE,
"kdc", "enable-digest", NULL);
{
const char *digests;
- digests = krb5_config_get_string(context, NULL,
- "kdc",
+ digests = krb5_config_get_string(context, NULL,
+ "kdc",
"digests_allowed", NULL);
if (digests == NULL)
digests = "ntlm-v2";
@@ -111,17 +111,17 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
}
}
- c->enable_kx509 =
- krb5_config_get_bool_default(context, NULL,
- FALSE,
+ c->enable_kx509 =
+ krb5_config_get_bool_default(context, NULL,
+ FALSE,
"kdc", "enable-kx509", NULL);
if (c->enable_kx509) {
c->kx509_template =
- krb5_config_get_string(context, NULL,
+ krb5_config_get_string(context, NULL,
"kdc", "kx509_template", NULL);
c->kx509_ca =
- krb5_config_get_string(context, NULL,
+ krb5_config_get_string(context, NULL,
"kdc", "kx509_ca", NULL);
if (c->kx509_ca == NULL || c->kx509_template == NULL) {
kdc_log(context, c, 0,
@@ -130,26 +130,26 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
}
}
- c->check_ticket_addresses =
- krb5_config_get_bool_default(context, NULL,
- c->check_ticket_addresses,
- "kdc",
+ c->check_ticket_addresses =
+ krb5_config_get_bool_default(context, NULL,
+ c->check_ticket_addresses,
+ "kdc",
"check-ticket-addresses", NULL);
- c->allow_null_ticket_addresses =
- krb5_config_get_bool_default(context, NULL,
- c->allow_null_ticket_addresses,
- "kdc",
+ c->allow_null_ticket_addresses =
+ krb5_config_get_bool_default(context, NULL,
+ c->allow_null_ticket_addresses,
+ "kdc",
"allow-null-ticket-addresses", NULL);
- c->allow_anonymous =
- krb5_config_get_bool_default(context, NULL,
+ c->allow_anonymous =
+ krb5_config_get_bool_default(context, NULL,
c->allow_anonymous,
- "kdc",
+ "kdc",
"allow-anonymous", NULL);
c->max_datagram_reply_length =
- krb5_config_get_int_default(context,
- NULL,
+ krb5_config_get_int_default(context,
+ NULL,
1400,
"kdc",
"max-kdc-datagram-reply-length",
@@ -158,8 +158,8 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
{
const char *trpolicy_str;
- trpolicy_str =
- krb5_config_get_string_default(context, NULL, "DEFAULT", "kdc",
+ trpolicy_str =
+ krb5_config_get_string_default(context, NULL, "DEFAULT", "kdc",
"transited-policy", NULL);
if(strcasecmp(trpolicy_str, "always-check") == 0) {
c->trpolicy = TRPOLICY_ALWAYS_CHECK;
@@ -167,19 +167,19 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
c->trpolicy = TRPOLICY_ALLOW_PER_PRINCIPAL;
} else if(strcasecmp(trpolicy_str, "always-honour-request") == 0) {
c->trpolicy = TRPOLICY_ALWAYS_HONOUR_REQUEST;
- } else if(strcasecmp(trpolicy_str, "DEFAULT") == 0) {
+ } else if(strcasecmp(trpolicy_str, "DEFAULT") == 0) {
/* default */
} else {
kdc_log(context, c, 0,
"unknown transited-policy: %s, "
- "reverting to default (always-check)",
+ "reverting to default (always-check)",
trpolicy_str);
}
}
{
const char *p;
- p = krb5_config_get_string (context, NULL,
+ p = krb5_config_get_string (context, NULL,
"kdc",
"v4-realm",
NULL);
@@ -192,19 +192,19 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
}
}
- c->enable_kaserver =
- krb5_config_get_bool_default(context,
- NULL,
+ c->enable_kaserver =
+ krb5_config_get_bool_default(context,
+ NULL,
c->enable_kaserver,
"kdc", "enable-kaserver", NULL);
c->encode_as_rep_as_tgs_rep =
- krb5_config_get_bool_default(context, NULL,
- c->encode_as_rep_as_tgs_rep,
- "kdc",
+ krb5_config_get_bool_default(context, NULL,
+ c->encode_as_rep_as_tgs_rep,
+ "kdc",
"encode_as_rep_as_tgs_rep", NULL);
-
+
c->kdc_warn_pwexpire =
krb5_config_get_time_default (context, NULL,
c->kdc_warn_pwexpire,
@@ -212,9 +212,9 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
#ifdef PKINIT
- c->enable_pkinit =
- krb5_config_get_bool_default(context,
- NULL,
+ c->enable_pkinit =
+ krb5_config_get_bool_default(context,
+ NULL,
c->enable_pkinit,
"kdc",
"enable-pkinit",
@@ -223,7 +223,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
const char *user_id, *anchors, *ocsp_file;
char **pool_list, **revoke_list;
- user_id =
+ user_id =
krb5_config_get_string(context, NULL,
"kdc", "pkinit_identity", NULL);
if (user_id == NULL)
@@ -242,7 +242,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
krb5_config_get_strings(context, NULL,
"kdc", "pkinit_revoke", NULL);
- ocsp_file =
+ ocsp_file =
krb5_config_get_string(context, NULL,
"kdc", "pkinit_kdc_ocsp", NULL);
if (ocsp_file) {
@@ -251,20 +251,20 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
krb5_errx(context, 1, "out of memory");
}
- _kdc_pk_initialize(context, c, user_id, anchors,
+ _kdc_pk_initialize(context, c, user_id, anchors,
pool_list, revoke_list);
krb5_config_free_strings(pool_list);
krb5_config_free_strings(revoke_list);
- c->pkinit_princ_in_cert =
+ c->pkinit_princ_in_cert =
krb5_config_get_bool_default(context, NULL,
c->pkinit_princ_in_cert,
"kdc",
"pkinit_principal_in_certificate",
NULL);
- c->pkinit_require_binding =
+ c->pkinit_require_binding =
krb5_config_get_bool_default(context, NULL,
c->pkinit_require_binding,
"kdc",
@@ -273,7 +273,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
}
c->pkinit_dh_min_bits =
- krb5_config_get_int_default(context, NULL,
+ krb5_config_get_int_default(context, NULL,
0,
"kdc", "pkinit_dh_min_bits", NULL);
diff --git a/source4/heimdal/kdc/digest.c b/source4/heimdal/kdc/digest.c
index 401ca1db11..96986c1a87 100644
--- a/source4/heimdal/kdc/digest.c
+++ b/source4/heimdal/kdc/digest.c
@@ -1,34 +1,34 @@
/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
+ * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
*
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include "kdc_locl.h"
@@ -63,7 +63,7 @@ get_digest_key(krb5_context context,
krb5_error_code ret;
krb5_enctype enctype;
Key *key;
-
+
ret = _kdc_get_preferred_key(context,
config,
server,
@@ -115,8 +115,8 @@ fill_targetinfo(krb5_context context,
ti.domainname = targetname;
p = client->entry.principal;
str = krb5_principal_get_comp_string(context, p, 0);
- if (str != NULL &&
- (strcmp("host", str) == 0 ||
+ if (str != NULL &&
+ (strcmp("host", str) == 0 ||
strcmp("ftp", str) == 0 ||
strcmp("imap", str) == 0 ||
strcmp("pop", str) == 0 ||
@@ -125,7 +125,7 @@ fill_targetinfo(krb5_context context,
str = krb5_principal_get_comp_string(context, p, 1);
ti.dnsservername = rk_UNCONST(str);
}
-
+
ret = heim_ntlm_encode_targetinfo(&ti, 1, &d);
if (ret)
return ret;
@@ -199,7 +199,7 @@ get_password_entry(krb5_context context,
*/
krb5_error_code
-_kdc_do_digest(krb5_context context,
+_kdc_do_digest(krb5_context context,
krb5_kdc_configuration *config,
const DigestREQ *req, krb5_data *reply,
const char *from, struct sockaddr *addr)
@@ -223,7 +223,7 @@ _kdc_do_digest(krb5_context context,
krb5_data serverNonce;
if(!config->enable_digest) {
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"Rejected digest request (disabled) from %s", from);
return KRB5KDC_ERR_POLICY;
}
@@ -243,7 +243,7 @@ _kdc_do_digest(krb5_context context,
goto out;
}
- ret = krb5_rd_req(context,
+ ret = krb5_rd_req(context,
&ac,
&req->apReq,
NULL,
@@ -288,7 +288,7 @@ _kdc_do_digest(krb5_context context,
krb5_free_principal(context, principal);
goto out;
}
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
ret = _kdc_db_fetch(context, config, principal,
HDB_F_GET_SERVER, NULL, &server);
@@ -319,9 +319,9 @@ _kdc_do_digest(krb5_context context,
goto out;
if (client->entry.flags.allow_digest == 0) {
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"Client %s tried to use digest "
- "but is not allowed to",
+ "but is not allowed to",
client_name);
ret = KRB5KDC_ERR_POLICY;
krb5_set_error_message(context, ret,
@@ -355,7 +355,7 @@ _kdc_do_digest(krb5_context context,
crypto = NULL;
if (ret)
goto out;
-
+
ret = decode_DigestReqInner(buf.data, buf.length, &ireq, NULL);
krb5_data_free(&buf);
if (ret) {
@@ -363,7 +363,7 @@ _kdc_do_digest(krb5_context context,
goto out;
}
- kdc_log(context, config, 0, "Valid digest request from %s (%s)",
+ kdc_log(context, config, 0, "Valid digest request from %s (%s)",
client_name, from);
/*
@@ -399,7 +399,7 @@ _kdc_do_digest(krb5_context context,
}
ret = krb5_store_stringz(sp, ireq.u.init.type);
if (ret) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
goto out;
}
@@ -421,12 +421,12 @@ _kdc_do_digest(krb5_context context,
ret = krb5_store_stringz(sp, r.u.initReply.nonce);
if (ret) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
goto out;
}
if (strcasecmp(ireq.u.init.type, "CHAP") == 0) {
- r.u.initReply.identifier =
+ r.u.initReply.identifier =
malloc(sizeof(*r.u.initReply.identifier));
if (r.u.initReply.identifier == NULL) {
ret = ENOMEM;
@@ -447,14 +447,14 @@ _kdc_do_digest(krb5_context context,
if (ireq.u.init.hostname) {
ret = krb5_store_stringz(sp, *ireq.u.init.hostname);
if (ret) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
goto out;
}
}
ret = krb5_storage_to_data(sp, &buf);
if (ret) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
goto out;
}
@@ -488,7 +488,7 @@ _kdc_do_digest(krb5_context context,
hex_encode(buf.data, buf.length, &r.u.initReply.opaque);
free(buf.data);
if (r.u.initReply.opaque == NULL) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
ret = ENOMEM;
goto out;
}
@@ -507,7 +507,7 @@ _kdc_do_digest(krb5_context context,
}
ret = krb5_store_stringz(sp, ireq.u.digestRequest.type);
if (ret) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
goto out;
}
@@ -516,7 +516,7 @@ _kdc_do_digest(krb5_context context,
if (ireq.u.digestRequest.hostname) {
ret = krb5_store_stringz(sp, *ireq.u.digestRequest.hostname);
if (ret) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
goto out;
}
}
@@ -546,7 +546,7 @@ _kdc_do_digest(krb5_context context,
ret = krb5_storage_to_data(sp, &buf);
if (ret) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
goto out;
}
@@ -557,15 +557,15 @@ _kdc_do_digest(krb5_context context,
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
-
+
/*
* CHAP does the checksum of the raw nonce, but do it for all
* types, since we need to check the timestamp.
*/
{
ssize_t ssize;
-
- ssize = hex_decode(ireq.u.digestRequest.serverNonce,
+
+ ssize = hex_decode(ireq.u.digestRequest.serverNonce,
serverNonce.data, serverNonce.length);
if (ssize <= 0) {
ret = ENOMEM;
@@ -579,7 +579,7 @@ _kdc_do_digest(krb5_context context,
if (ret)
goto out;
- ret = krb5_verify_checksum(context, crypto,
+ ret = krb5_verify_checksum(context, crypto,
KRB5_KU_DIGEST_OPAQUE,
buf.data, buf.length, &res);
krb5_crypto_destroy(context, crypto);
@@ -591,7 +591,7 @@ _kdc_do_digest(krb5_context context,
{
unsigned char *p = serverNonce.data;
uint32_t t;
-
+
if (serverNonce.length < 4) {
ret = EINVAL;
krb5_set_error_message(context, ret, "server nonce too short");
@@ -623,14 +623,14 @@ _kdc_do_digest(krb5_context context,
"from CHAP request");
goto out;
}
-
+
if (hex_decode(*ireq.u.digestRequest.identifier, &id, 1) != 1) {
ret = EINVAL;
krb5_set_error_message(context, ret, "failed to decode identifier");
goto out;
}
-
- ret = get_password_entry(context, config,
+
+ ret = get_password_entry(context, config,
ireq.u.digestRequest.username,
&password);
if (ret)
@@ -644,7 +644,7 @@ _kdc_do_digest(krb5_context context,
hex_encode(md, sizeof(md), &mdx);
if (mdx == NULL) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
ret = ENOMEM;
goto out;
}
@@ -656,7 +656,7 @@ _kdc_do_digest(krb5_context context,
if (ret == 0) {
r.u.response.success = TRUE;
} else {
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"CHAP reply mismatch for %s",
ireq.u.digestRequest.username);
r.u.response.success = FALSE;
@@ -673,16 +673,16 @@ _kdc_do_digest(krb5_context context,
goto out;
}
- if (ireq.u.digestRequest.nonceCount == NULL)
+ if (ireq.u.digestRequest.nonceCount == NULL)
goto out;
- if (ireq.u.digestRequest.clientNonce == NULL)
+ if (ireq.u.digestRequest.clientNonce == NULL)
goto out;
- if (ireq.u.digestRequest.qop == NULL)
+ if (ireq.u.digestRequest.qop == NULL)
goto out;
- if (ireq.u.digestRequest.realm == NULL)
+ if (ireq.u.digestRequest.realm == NULL)
goto out;
-
- ret = get_password_entry(context, config,
+
+ ret = get_password_entry(context, config,
ireq.u.digestRequest.username,
&password);
if (ret)
@@ -697,7 +697,7 @@ _kdc_do_digest(krb5_context context,
MD5_Update(&ctx, ":", 1);
MD5_Update(&ctx, password, strlen(password));
MD5_Final(md, &ctx);
-
+
MD5_Init(&ctx);
MD5_Update(&ctx, md, sizeof(md));
MD5_Update(&ctx, ":", 1);
@@ -718,7 +718,7 @@ _kdc_do_digest(krb5_context context,
krb5_set_error_message(context, ret, "malloc: out of memory");
goto failed;
}
-
+
MD5_Init(&ctx);
MD5_Update(&ctx, "AUTHENTICATE:", sizeof("AUTHENTICATE:") - 1);
MD5_Update(&ctx, *ireq.u.digestRequest.uri,
@@ -729,7 +729,7 @@ _kdc_do_digest(krb5_context context,
static char conf_zeros[] = ":00000000000000000000000000000000";
MD5_Update(&ctx, conf_zeros, sizeof(conf_zeros) - 1);
}
-
+
MD5_Final(md, &ctx);
hex_encode(md, sizeof(md), &A2);
if (A2 == NULL) {
@@ -763,7 +763,7 @@ _kdc_do_digest(krb5_context context,
hex_encode(md, sizeof(md), &mdx);
if (mdx == NULL) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
ret = ENOMEM;
goto out;
}
@@ -774,7 +774,7 @@ _kdc_do_digest(krb5_context context,
if (ret == 0) {
r.u.response.success = TRUE;
} else {
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"DIGEST-MD5 reply mismatch for %s",
ireq.u.digestRequest.username);
r.u.response.success = FALSE;
@@ -796,13 +796,13 @@ _kdc_do_digest(krb5_context context,
if (ireq.u.digestRequest.clientNonce == NULL) {
ret = EINVAL;
- krb5_set_error_message(context, ret,
+ krb5_set_error_message(context, ret,
"MS-CHAP-V2 clientNonce missing");
goto failed;
- }
+ }
if (serverNonce.length != 16) {
ret = EINVAL;
- krb5_set_error_message(context, ret,
+ krb5_set_error_message(context, ret,
"MS-CHAP-V2 serverNonce wrong length");
goto failed;
}
@@ -828,11 +828,11 @@ _kdc_do_digest(krb5_context context,
goto out;
}
- ssize = hex_decode(*ireq.u.digestRequest.clientNonce,
+ ssize = hex_decode(*ireq.u.digestRequest.clientNonce,
clientNonce.data, clientNonce.length);
if (ssize != 16) {
ret = ENOMEM;
- krb5_set_error_message(context, ret,
+ krb5_set_error_message(context, ret,
"Failed to decode clientNonce");
goto out;
}
@@ -847,21 +847,21 @@ _kdc_do_digest(krb5_context context,
ret = krb5_parse_name(context, username, &clientprincipal);
if (ret)
goto failed;
-
+
ret = _kdc_db_fetch(context, config, clientprincipal,
HDB_F_GET_CLIENT, NULL, &user);
krb5_free_principal(context, clientprincipal);
if (ret) {
- krb5_set_error_message(context, ret,
+ krb5_set_error_message(context, ret,
"MS-CHAP-V2 user %s not in database",
username);
goto failed;
}
- ret = hdb_enctype2key(context, &user->entry,
+ ret = hdb_enctype2key(context, &user->entry,
ETYPE_ARCFOUR_HMAC_MD5, &key);
if (ret) {
- krb5_set_error_message(context, ret,
+ krb5_set_error_message(context, ret,
"MS-CHAP-V2 missing arcfour key %s",
username);
goto failed;
@@ -875,11 +875,11 @@ _kdc_do_digest(krb5_context context,
krb5_set_error_message(context, ret, "NTLM missing arcfour key");
goto failed;
}
-
+
hex_encode(answer.data, answer.length, &mdx);
if (mdx == NULL) {
free(answer.data);
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
ret = ENOMEM;
goto out;
}
@@ -889,7 +889,7 @@ _kdc_do_digest(krb5_context context,
if (ret == 0) {
r.u.response.success = TRUE;
} else {
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"MS-CHAP-V2 hash mismatch for %s",
ireq.u.digestRequest.username);
r.u.response.success = FALSE;
@@ -904,7 +904,7 @@ _kdc_do_digest(krb5_context context,
MD4_CTX hctx;
MD4_Init(&hctx);
- MD4_Update(&hctx, key->key.keyvalue.data,
+ MD4_Update(&hctx, key->key.keyvalue.data,
key->key.keyvalue.length);
MD4_Final(hashhash, &hctx);
}
@@ -925,7 +925,7 @@ _kdc_do_digest(krb5_context context,
r.u.response.rsp = calloc(1, sizeof(*r.u.response.rsp));
if (r.u.response.rsp == NULL) {
free(answer.data);
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
ret = ENOMEM;
goto out;
}
@@ -933,7 +933,7 @@ _kdc_do_digest(krb5_context context,
hex_encode(md, sizeof(md), r.u.response.rsp);
if (r.u.response.rsp == NULL) {
free(answer.data);
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
ret = ENOMEM;
goto out;
}
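Review bot: The check after `hex_encode(md, sizeof(md), r.u.response.rsp)` tests `r.u.response.rsp` itself, the pointer-to-pointer that the calloc check in the previous hunk already established as non-NULL, so the branch holding the updated `krb5_clear_error_message(context)` call can never run. If hex_encode reports allocation failure by leaving the output string NULL, as the `mdx == NULL` test after the earlier `hex_encode(answer.data, answer.length, &mdx)` call suggests, the condition should be `if (*r.u.response.rsp == NULL) {`. As written, a failed encode would presumably go unnoticed and the reply would be built with a NULL rsp string. The enclosing block of _kdc_do_digest starts and ends outside the hunk.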
@@ -947,24 +947,24 @@ _kdc_do_digest(krb5_context context,
free(answer.data);
- r.u.response.session_key =
+ r.u.response.session_key =
calloc(1, sizeof(*r.u.response.session_key));
if (r.u.response.session_key == NULL) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
ret = ENOMEM;
goto out;
}
ret = krb5_data_copy(r.u.response.session_key, md, 16);
if (ret) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
goto out;
}
}
} else {
r.element = choice_DigestRepInner_error;
- asprintf(&r.u.error.reason, "Unsupported digest type %s",
+ asprintf(&r.u.error.reason, "Unsupported digest type %s",
ireq.u.digestRequest.type);
if (r.u.error.reason == NULL) {
ret = ENOMEM;
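Review bot: The return value of `asprintf(&r.u.error.reason, ...)` is discarded, and failure is detected only through `r.u.error.reason == NULL`. That test is reliable only if the asprintf implementation in use sets the pointer to NULL on failure; glibc documents the contents as undefined in that case, so the pointer could later be used or freed while holding garbage. Checking the result covers both behaviours: `if (asprintf(&r.u.error.reason, "Unsupported digest type %s", ireq.u.digestRequest.type) < 0 || r.u.error.reason == NULL) {`. The error branch continues outside the hunk.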
@@ -1002,7 +1002,7 @@ _kdc_do_digest(krb5_context context,
goto failed;
}
- r.u.ntlmInitReply.flags |=
+ r.u.ntlmInitReply.flags |=
NTLM_NEG_TARGET |
NTLM_TARGET_DOMAIN |
NTLM_ENC_128;
@@ -1018,7 +1018,7 @@ _kdc_do_digest(krb5_context context,
#undef ALL
- r.u.ntlmInitReply.targetname =
+ r.u.ntlmInitReply.targetname =
get_ntlm_targetname(context, client);
if (r.u.ntlmInitReply.targetname == NULL) {
ret = ENOMEM;
@@ -1033,7 +1033,7 @@ _kdc_do_digest(krb5_context context,
}
r.u.ntlmInitReply.challange.length = 8;
if (RAND_bytes(r.u.ntlmInitReply.challange.data,
- r.u.ntlmInitReply.challange.length) != 1)
+ r.u.ntlmInitReply.challange.length) != 1)
{
ret = ENOMEM;
krb5_set_error_message(context, ret, "out of random error");
@@ -1057,7 +1057,7 @@ _kdc_do_digest(krb5_context context,
goto out;
}
- /*
+ /*
* Save data encryted in opaque for the second part of the
* ntlm authentication
*/
@@ -1076,13 +1076,13 @@ _kdc_do_digest(krb5_context context,
}
ret = krb5_store_uint32(sp, r.u.ntlmInitReply.flags);
if (ret) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
goto out;
}
ret = krb5_storage_to_data(sp, &buf);
if (ret) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
goto out;
}
@@ -1109,7 +1109,7 @@ _kdc_do_digest(krb5_context context,
uint32_t flags;
Key *key = NULL;
int version;
-
+
r.element = choice_DigestRepInner_ntlmResponse;
r.u.ntlmResponse.success = 0;
r.u.ntlmResponse.flags = 0;
@@ -1142,7 +1142,7 @@ _kdc_do_digest(krb5_context context,
krb5_crypto_destroy(context, crypto);
crypto = NULL;
if (ret) {
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"Failed to decrypt nonce from %s", from);
goto failed;
}
@@ -1173,7 +1173,7 @@ _kdc_do_digest(krb5_context context,
goto out;
}
- ret = hdb_enctype2key(context, &user->entry,
+ ret = hdb_enctype2key(context, &user->entry,
ETYPE_ARCFOUR_HMAC_MD5, &key);
if (ret) {
krb5_set_error_message(context, ret, "NTLM missing arcfour key");
@@ -1255,7 +1255,7 @@ _kdc_do_digest(krb5_context context,
goto failed;
}
}
-
+
ret = heim_ntlm_calculate_ntlm1(key->key.keyvalue.data,
key->key.keyvalue.length,
challange, &answer);
@@ -1263,7 +1263,7 @@ _kdc_do_digest(krb5_context context,
krb5_set_error_message(context, ret, "NTLM missing arcfour key");
goto failed;
}
-
+
if (ireq.u.ntlmRequest.ntlm.length != answer.length ||
memcmp(ireq.u.ntlmRequest.ntlm.data, answer.data, answer.length) != 0)
{
@@ -1278,7 +1278,7 @@ _kdc_do_digest(krb5_context context,
MD4_CTX ctx;
MD4_Init(&ctx);
- MD4_Update(&ctx,
+ MD4_Update(&ctx,
key->key.keyvalue.data, key->key.keyvalue.length);
MD4_Final(sessionkey, &ctx);
}
@@ -1288,7 +1288,7 @@ _kdc_do_digest(krb5_context context,
unsigned char masterkey[MD4_DIGEST_LENGTH];
RC4_KEY rc4;
size_t len;
-
+
if ((flags & NTLM_NEG_KEYEX) == 0) {
ret = EINVAL;
krb5_set_error_message(context, ret,
@@ -1296,7 +1296,7 @@ _kdc_do_digest(krb5_context context,
"exchange but still sent key");
goto failed;
}
-
+
len = ireq.u.ntlmRequest.sessionkey->length;
if (len != sizeof(masterkey)){
ret = EINVAL;
@@ -1305,22 +1305,22 @@ _kdc_do_digest(krb5_context context,
(unsigned long)len);
goto failed;
}
-
+
RC4_set_key(&rc4, sizeof(sessionkey), sessionkey);
-
+
RC4(&rc4, sizeof(masterkey),
- ireq.u.ntlmRequest.sessionkey->data,
+ ireq.u.ntlmRequest.sessionkey->data,
masterkey);
memset(&rc4, 0, sizeof(rc4));
-
- r.u.ntlmResponse.sessionkey =
+
+ r.u.ntlmResponse.sessionkey =
malloc(sizeof(*r.u.ntlmResponse.sessionkey));
if (r.u.ntlmResponse.sessionkey == NULL) {
ret = EINVAL;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
-
+
ret = krb5_data_copy(r.u.ntlmResponse.sessionkey,
masterkey, sizeof(masterkey));
if (ret) {
@@ -1364,7 +1364,7 @@ _kdc_do_digest(krb5_context context,
s = krb5_get_error_message(context, ret);
if (s == NULL) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
goto out;
}
@@ -1410,10 +1410,10 @@ _kdc_do_digest(krb5_context context,
goto out;
}
- ret = krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_DIGEST_ENCRYPT,
+ ret = krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_DIGEST_ENCRYPT,
buf.data, buf.length, 0,
&rep.innerRep);
-
+
ASN1_MALLOC_ENCODE(DigestREP, reply->data, reply->length, &rep, &size, ret);
if (ret) {
krb5_set_error_message(context, ret, "Failed to encode digest reply");
@@ -1422,7 +1422,7 @@ _kdc_do_digest(krb5_context context,
if (size != reply->length)
krb5_abortx(context, "ASN1 internal error");
-
+
out:
if (ac)
krb5_auth_con_free(context, ac);
diff --git a/source4/heimdal/kdc/headers.h b/source4/heimdal/kdc/headers.h
index c2bd4c5b4f..3635d3c56a 100644
--- a/source4/heimdal/kdc/headers.h
+++ b/source4/heimdal/kdc/headers.h
@@ -1,38 +1,38 @@
/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
*
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
-/*
- * $Id$
+/*
+ * $Id$
*/
#ifndef __HEADERS_H__
diff --git a/source4/heimdal/kdc/kaserver.c b/source4/heimdal/kdc/kaserver.c
index 8f3c3e02ea..9226ae115d 100644
--- a/source4/heimdal/kdc/kaserver.c
+++ b/source4/heimdal/kdc/kaserver.c
@@ -1,34 +1,34 @@
/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
*
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include "kdc_locl.h"
@@ -192,8 +192,8 @@ init_reply_header (struct rx_header *hdr,
}
/*
- * Create an error `reply´ using for the packet `hdr' with the error
- * `error´ code.
+ * Create an error `reply´ using for the packet `hdr' with the error
+ * `error´ code.
*/
static void
make_error_reply (struct rx_header *hdr,
@@ -280,7 +280,7 @@ krb5_store_xdr_data(krb5_storage *sp,
static krb5_error_code
-create_reply_ticket (krb5_context context,
+create_reply_ticket (krb5_context context,
struct rx_header *hdr,
Key *skey,
char *name, char *instance, char *realm,
@@ -430,7 +430,7 @@ unparse_auth_args (krb5_storage *sp,
}
static void
-do_authenticate (krb5_context context,
+do_authenticate (krb5_context context,
krb5_kdc_configuration *config,
struct rx_header *hdr,
krb5_storage *sp,
@@ -473,7 +473,7 @@ do_authenticate (krb5_context context,
kdc_log(context, config, 0, "AS-REQ (kaserver) %s from %s for %s",
client_name, from, server_name);
- ret = _kdc_db_fetch4 (context, config, name, instance,
+ ret = _kdc_db_fetch4 (context, config, name, instance,
config->v4_realm, HDB_F_GET_CLIENT,
&client_entry);
if (ret) {
@@ -483,8 +483,8 @@ do_authenticate (krb5_context context,
goto out;
}
- ret = _kdc_db_fetch4 (context, config, "krbtgt",
- config->v4_realm, config->v4_realm,
+ ret = _kdc_db_fetch4 (context, config, "krbtgt",
+ config->v4_realm, config->v4_realm,
HDB_F_GET_KRBTGT, &server_entry);
if (ret) {
kdc_log(context, config, 0, "Server not found in database: %s: %s",
@@ -564,7 +564,7 @@ do_authenticate (krb5_context context,
life = krb_time_to_life(kdc_time, kdc_time + max_life);
- create_reply_ticket (context,
+ create_reply_ticket (context,
hdr, skey,
name, instance, config->v4_realm,
addr, life, server_entry->entry.kvno,
@@ -643,7 +643,7 @@ unparse_getticket_args (krb5_storage *sp,
}
static void
-do_getticket (krb5_context context,
+do_getticket (krb5_context context,
krb5_kdc_configuration *config,
struct rx_header *hdr,
krb5_storage *sp,
@@ -690,7 +690,7 @@ do_getticket (krb5_context context,
snprintf (server_name, sizeof(server_name),
"%s.%s@%s", name, instance, config->v4_realm);
- ret = _kdc_db_fetch4 (context, config, name, instance,
+ ret = _kdc_db_fetch4 (context, config, name, instance,
config->v4_realm, HDB_F_GET_SERVER, &server_entry);
if (ret) {
kdc_log(context, config, 0, "Server not found in database: %s: %s",
@@ -699,7 +699,7 @@ do_getticket (krb5_context context,
goto out;
}
- ret = _kdc_db_fetch4 (context, config, "krbtgt",
+ ret = _kdc_db_fetch4 (context, config, "krbtgt",
config->v4_realm, config->v4_realm, HDB_F_GET_KRBTGT, &krbtgt_entry);
if (ret) {
kdc_log(context, config, 0,
@@ -734,7 +734,7 @@ do_getticket (krb5_context context,
char *sname = NULL;
char *sinstance = NULL;
- ret = _krb5_krb_decomp_ticket(context, &aticket, &kkey->key,
+ ret = _krb5_krb_decomp_ticket(context, &aticket, &kkey->key,
config->v4_realm, &sname,
&sinstance, &ad);
if (ret) {
@@ -772,7 +772,7 @@ do_getticket (krb5_context context,
kdc_log(context, config, 0, "TGS-REQ (kaserver) %s from %s for %s",
client_name, from, server_name);
- ret = _kdc_db_fetch4 (context, config,
+ ret = _kdc_db_fetch4 (context, config,
ad.pname, ad.pinst, ad.prealm, HDB_F_GET_CLIENT,
&client_entry);
if(ret && ret != HDB_ERR_NOENTRY) {
@@ -783,14 +783,14 @@ do_getticket (krb5_context context,
goto out;
}
if (client_entry == NULL && strcmp(ad.prealm, config->v4_realm) == 0) {
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"Local client not found in database: (krb4) "
"%s", client_name);
make_error_reply (hdr, KANOENT, reply);
goto out;
}
- ret = _kdc_check_flags (context, config,
+ ret = _kdc_check_flags (context, config,
client_entry, client_name,
server_entry, server_name,
FALSE);
@@ -839,7 +839,7 @@ do_getticket (krb5_context context,
life = _krb5_krb_time_to_life(kdc_time, kdc_time + max_life);
- create_reply_ticket (context,
+ create_reply_ticket (context,
hdr, skey,
ad.pname, ad.pinst, ad.prealm,
addr, life, server_entry->entry.kvno,
@@ -847,7 +847,7 @@ do_getticket (krb5_context context,
name, instance,
0, "gtkt",
&ad.session, reply);
-
+
out:
_krb5_krb_free_auth_data(context, &ad);
if (aticket.length) {
@@ -871,7 +871,7 @@ do_getticket (krb5_context context,
}
krb5_error_code
-_kdc_do_kaserver(krb5_context context,
+_kdc_do_kaserver(krb5_context context,
krb5_kdc_configuration *config,
unsigned char *buf,
size_t len,
diff --git a/source4/heimdal/kdc/kdc.h b/source4/heimdal/kdc/kdc.h
index f0edae721f..843bd5fa56 100644
--- a/source4/heimdal/kdc/kdc.h
+++ b/source4/heimdal/kdc/kdc.h
@@ -1,41 +1,41 @@
/*
- * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
+ * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
*
* Copyright (c) 2005 Andrew Bartlett <abartlet@samba.org>
- *
- * All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * All rights reserved.
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
*
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
-/*
- * $Id$
+/*
+ * $Id$
*/
#ifndef __KDC_H__
@@ -45,7 +45,7 @@
enum krb5_kdc_trpolicy {
TRPOLICY_ALWAYS_CHECK,
- TRPOLICY_ALLOW_PER_PRINCIPAL,
+ TRPOLICY_ALLOW_PER_PRINCIPAL,
TRPOLICY_ALWAYS_HONOUR_REQUEST
};
diff --git a/source4/heimdal/kdc/kdc_locl.h b/source4/heimdal/kdc/kdc_locl.h
index 6ce4a9f40f..8e34c50049 100644
--- a/source4/heimdal/kdc/kdc_locl.h
+++ b/source4/heimdal/kdc/kdc_locl.h
@@ -1,38 +1,38 @@
/*
- * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
+ * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
*
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
-/*
- * $Id$
+/*
+ * $Id$
*/
#ifndef __KDC_LOCL_H__
diff --git a/source4/heimdal/kdc/kerberos4.c b/source4/heimdal/kdc/kerberos4.c
index 3e9a70057e..2bd2383940 100644
--- a/source4/heimdal/kdc/kerberos4.c
+++ b/source4/heimdal/kdc/kerberos4.c
@@ -1,34 +1,34 @@
/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
*
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include "kdc_locl.h"
@@ -58,7 +58,7 @@ static void
make_err_reply(krb5_context context, krb5_data *reply,
int code, const char *msg)
{
- _krb5_krb_cr_err_reply(context, "", "", "",
+ _krb5_krb_cr_err_reply(context, "", "", "",
kdc_time, code, msg, reply);
}
@@ -106,8 +106,8 @@ _kdc_db_fetch4(krb5_context context,
ctx.config = config;
ctx.flags = flags;
-
- ret = krb5_425_conv_principal_ext2(context, name, instance, realm,
+
+ ret = krb5_425_conv_principal_ext2(context, name, instance, realm,
valid_princ, &ctx, 0, &p);
if(ret)
return ret;
@@ -125,7 +125,7 @@ _kdc_db_fetch4(krb5_context context,
*/
krb5_error_code
-_kdc_do_version4(krb5_context context,
+_kdc_do_version4(krb5_context context,
krb5_kdc_configuration *config,
unsigned char *buf,
size_t len,
@@ -193,7 +193,7 @@ _kdc_do_version4(krb5_context context,
kdc_log(context, config, 0, "AS-REQ (krb4) %s from %s for %s",
client_name, from, server_name);
- ret = _kdc_db_fetch4(context, config, name, inst, realm,
+ ret = _kdc_db_fetch4(context, config, name, inst, realm,
HDB_F_GET_CLIENT, &client);
if(ret) {
kdc_log(context, config, 0, "Client not found in database: %s: %s",
@@ -212,7 +212,7 @@ _kdc_do_version4(krb5_context context,
goto out1;
}
- ret = _kdc_check_flags (context, config,
+ ret = _kdc_check_flags (context, config,
client, client_name,
server, server_name,
TRUE);
@@ -254,7 +254,7 @@ _kdc_do_version4(krb5_context context,
ret = _kdc_get_des_key(context, client, FALSE, FALSE, &ckey);
if(ret){
kdc_log(context, config, 0, "no suitable DES key for client");
- make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
+ make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"no suitable DES key for client");
goto out1;
}
@@ -262,7 +262,7 @@ _kdc_do_version4(krb5_context context,
ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey);
if(ret){
kdc_log(context, config, 0, "no suitable DES key for server");
- make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
+ make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"no suitable DES key for server");
goto out1;
}
@@ -274,7 +274,7 @@ _kdc_do_version4(krb5_context context,
max_life = min(max_life, *server->entry.max_life);
life = krb_time_to_life(kdc_time, kdc_time + max_life);
-
+
ret = krb5_generate_random_keyblock(context,
ETYPE_DES_PCBC_NONE,
&session);
@@ -318,7 +318,7 @@ _kdc_do_version4(krb5_context context,
krb5_free_keyblock_contents(context, &session);
krb5_data_free(&ticket);
if (ret) {
- make_err_reply(context, reply, KFAILURE,
+ make_err_reply(context, reply, KFAILURE,
"Failed to create v4 cipher");
goto out1;
}
@@ -362,9 +362,9 @@ _kdc_do_version4(krb5_context context,
&tgt_princ);
if(ret){
kdc_log(context, config, 0,
- "Converting krbtgt principal (krb4): %s",
+ "Converting krbtgt principal (krb4): %s",
krb5_get_err_text(context, ret));
- make_err_reply(context, reply, KFAILURE,
+ make_err_reply(context, reply, KFAILURE,
"Failed to convert v4 principal (krbtgt)");
goto out2;
}
@@ -374,7 +374,7 @@ _kdc_do_version4(krb5_context context,
if(ret){
char *s;
s = kdc_log_msg(context, config, 0, "Ticket-granting ticket not "
- "found in database (krb4): krbtgt.%s@%s: %s",
+ "found in database (krb4): krbtgt.%s@%s: %s",
realm, config->v4_realm,
krb5_get_err_text(context, ret));
make_err_reply(context, reply, KFAILURE, s);
@@ -385,7 +385,7 @@ _kdc_do_version4(krb5_context context,
if(tgt->entry.kvno % 256 != kvno){
kdc_log(context, config, 0,
"tgs-req (krb4) with old kvno %d (current %d) for "
- "krbtgt.%s@%s", kvno, tgt->entry.kvno % 256,
+ "krbtgt.%s@%s", kvno, tgt->entry.kvno % 256,
realm, config->v4_realm);
make_err_reply(context, reply, KRB4ET_KDC_AUTH_EXP,
"old krbtgt kvno used");
@@ -394,9 +394,9 @@ _kdc_do_version4(krb5_context context,
ret = _kdc_get_des_key(context, tgt, TRUE, FALSE, &tkey);
if(ret){
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"no suitable DES key for krbtgt (krb4)");
- make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
+ make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"no suitable DES key for krbtgt");
goto out2;
}
@@ -414,7 +414,7 @@ _kdc_do_version4(krb5_context context,
else
address = 0;
- ret = _krb5_krb_rd_req(context, &auth, "krbtgt", realm,
+ ret = _krb5_krb_rd_req(context, &auth, "krbtgt", realm,
config->v4_realm,
address, &tkey->key, &ad);
if(ret){
@@ -440,15 +440,15 @@ _kdc_do_version4(krb5_context context,
client_name, from, server_name);
if(strcmp(ad.prealm, realm)){
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"Can't hop realms (krb4) %s -> %s", realm, ad.prealm);
- make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
+ make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
"Can't hop realms");
goto out2;
}
if (!config->enable_v4_cross_realm && strcmp(realm, config->v4_realm) != 0) {
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"krb4 Cross-realm %s -> %s disabled",
realm, config->v4_realm);
make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
@@ -457,9 +457,9 @@ _kdc_do_version4(krb5_context context,
}
if(strcmp(sname, "changepw") == 0){
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"Bad request for changepw ticket (krb4)");
- make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
+ make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
"Can't authorize password change based on TGT");
goto out2;
}
@@ -497,7 +497,7 @@ _kdc_do_version4(krb5_context context,
goto out2;
}
- ret = _kdc_check_flags (context, config,
+ ret = _kdc_check_flags (context, config,
client, client_name,
server, server_name,
FALSE);
@@ -509,9 +509,9 @@ _kdc_do_version4(krb5_context context,
ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey);
if(ret){
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"no suitable DES key for server (krb4)");
- make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
+ make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"no suitable DES key for server");
goto out2;
}
@@ -589,7 +589,7 @@ _kdc_do_version4(krb5_context context,
"failed to create v4 cipher");
goto out2;
}
-
+
ret = _krb5_krb_create_auth_reply(context,
ad.pname,
ad.pinst,
@@ -614,7 +614,7 @@ _kdc_do_version4(krb5_context context,
ret = EINVAL;
break;
default:
- kdc_log(context, config, 0, "Unknown message type (krb4): %d from %s",
+ kdc_log(context, config, 0, "Unknown message type (krb4): %d from %s",
msg_type, from);
make_err_reply(context, reply, KFAILURE, "Unknown message type");
@@ -640,7 +640,7 @@ _kdc_do_version4(krb5_context context,
}
krb5_error_code
-_kdc_encode_v4_ticket(krb5_context context,
+_kdc_encode_v4_ticket(krb5_context context,
krb5_kdc_configuration *config,
void *buf, size_t len, const EncTicketPart *et,
const PrincipalName *service, size_t *size)
@@ -656,7 +656,7 @@ _kdc_encode_v4_ticket(krb5_context context,
&princ,
*service,
et->crealm);
- ret = krb5_524_conv_principal(context,
+ ret = krb5_524_conv_principal(context,
princ,
sname,
sinst,
@@ -669,8 +669,8 @@ _kdc_encode_v4_ticket(krb5_context context,
&princ,
et->cname,
et->crealm);
-
- ret = krb5_524_conv_principal(context,
+
+ ret = krb5_524_conv_principal(context,
princ,
name,
inst,
@@ -681,7 +681,7 @@ _kdc_encode_v4_ticket(krb5_context context,
return ret;
sp = krb5_storage_emem();
-
+
krb5_store_int8(sp, 0); /* flags */
krb5_store_stringz(sp, name);
krb5_store_stringz(sp, inst);
@@ -702,11 +702,11 @@ _kdc_encode_v4_ticket(krb5_context context,
if((et->key.keytype != ETYPE_DES_CBC_MD5 &&
et->key.keytype != ETYPE_DES_CBC_MD4 &&
- et->key.keytype != ETYPE_DES_CBC_CRC) ||
+ et->key.keytype != ETYPE_DES_CBC_CRC) ||
et->key.keyvalue.length != 8)
return -1;
krb5_storage_write(sp, et->key.keyvalue.data, 8);
-
+
{
time_t start = et->starttime ? *et->starttime : et->authtime;
krb5_store_int8(sp, krb_time_to_life(start, et->endtime));
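Review bot: The `return -1;` taken when the ticket key is not an 8-byte DES key exits without releasing `sp`, which was allocated with `krb5_storage_emem()` in the previous hunk and is still in use on the line after the check, so every rejected ticket leaks the storage object. The exit should free it first: `{ krb5_storage_free(sp); return -1; }`. A `krb5_error_code` value instead of the bare `-1` would also fit the declared return type of `_kdc_encode_v4_ticket`. Whether other resources are live at this point cannot be seen, because the lines between the allocation and this check are outside the hunk.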
@@ -715,7 +715,7 @@ _kdc_encode_v4_ticket(krb5_context context,
krb5_store_stringz(sp, sname);
krb5_store_stringz(sp, sinst);
-
+
{
krb5_data data;
krb5_storage_to_data(sp, &data);
@@ -731,19 +731,19 @@ _kdc_encode_v4_ticket(krb5_context context,
}
krb5_error_code
-_kdc_get_des_key(krb5_context context,
- hdb_entry_ex *principal, krb5_boolean is_server,
+_kdc_get_des_key(krb5_context context,
+ hdb_entry_ex *principal, krb5_boolean is_server,
krb5_boolean prefer_afs_key, Key **ret_key)
{
Key *v5_key = NULL, *v4_key = NULL, *afs_key = NULL, *server_key = NULL;
int i;
- krb5_enctype etypes[] = { ETYPE_DES_CBC_MD5,
- ETYPE_DES_CBC_MD4,
+ krb5_enctype etypes[] = { ETYPE_DES_CBC_MD5,
+ ETYPE_DES_CBC_MD4,
ETYPE_DES_CBC_CRC };
for(i = 0;
i < sizeof(etypes)/sizeof(etypes[0])
- && (v5_key == NULL || v4_key == NULL ||
+ && (v5_key == NULL || v4_key == NULL ||
afs_key == NULL || server_key == NULL);
++i) {
Key *key = NULL;
@@ -751,7 +751,7 @@ _kdc_get_des_key(krb5_context context,
if(key->salt == NULL) {
if(v5_key == NULL)
v5_key = key;
- } else if(key->salt->type == hdb_pw_salt &&
+ } else if(key->salt->type == hdb_pw_salt &&
key->salt->salt.length == 0) {
if(v4_key == NULL)
v4_key = key;
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index 7930ef42e4..c715e0812f 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -1,34 +1,34 @@
/*
- * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
+ * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
*
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include "kdc_locl.h"
@@ -126,7 +126,7 @@ is_default_salt_p(const krb5_salt *default_salt, const Key *key)
krb5_error_code
_kdc_find_etype(krb5_context context, const hdb_entry_ex *princ,
- krb5_enctype *etypes, unsigned len,
+ krb5_enctype *etypes, unsigned len,
Key **ret_key, krb5_enctype *ret_etype)
{
int i;
@@ -178,44 +178,44 @@ _kdc_make_anonymous_principalname (PrincipalName *pn)
}
void
-_kdc_log_timestamp(krb5_context context,
+_kdc_log_timestamp(krb5_context context,
krb5_kdc_configuration *config,
const char *type,
- KerberosTime authtime, KerberosTime *starttime,
+ KerberosTime authtime, KerberosTime *starttime,
KerberosTime endtime, KerberosTime *renew_till)
{
- char authtime_str[100], starttime_str[100],
+ char authtime_str[100], starttime_str[100],
endtime_str[100], renewtime_str[100];
-
- krb5_format_time(context, authtime,
- authtime_str, sizeof(authtime_str), TRUE);
+
+ krb5_format_time(context, authtime,
+ authtime_str, sizeof(authtime_str), TRUE);
if (starttime)
- krb5_format_time(context, *starttime,
- starttime_str, sizeof(starttime_str), TRUE);
+ krb5_format_time(context, *starttime,
+ starttime_str, sizeof(starttime_str), TRUE);
else
strlcpy(starttime_str, "unset", sizeof(starttime_str));
- krb5_format_time(context, endtime,
- endtime_str, sizeof(endtime_str), TRUE);
+ krb5_format_time(context, endtime,
+ endtime_str, sizeof(endtime_str), TRUE);
if (renew_till)
- krb5_format_time(context, *renew_till,
- renewtime_str, sizeof(renewtime_str), TRUE);
+ krb5_format_time(context, *renew_till,
+ renewtime_str, sizeof(renewtime_str), TRUE);
else
strlcpy(renewtime_str, "unset", sizeof(renewtime_str));
-
+
kdc_log(context, config, 5,
"%s authtime: %s starttime: %s endtime: %s renew till: %s",
type, authtime_str, starttime_str, endtime_str, renewtime_str);
}
static void
-log_patypes(krb5_context context,
+log_patypes(krb5_context context,
krb5_kdc_configuration *config,
METHOD_DATA *padata)
{
struct rk_strpool *p = NULL;
char *str;
int i;
-
+
for (i = 0; i < padata->len; i++) {
switch(padata->val[i].padata_type) {
case KRB5_PADATA_PK_AS_REQ:
@@ -257,8 +257,8 @@ log_patypes(krb5_context context,
krb5_error_code
_kdc_encode_reply(krb5_context context,
krb5_kdc_configuration *config,
- KDC_REP *rep, const EncTicketPart *et, EncKDCRepPart *ek,
- krb5_enctype etype,
+ KDC_REP *rep, const EncTicketPart *et, EncKDCRepPart *ek,
+ krb5_enctype etype,
int skvno, const EncryptionKey *skey,
int ckvno, const EncryptionKey *ckey,
const char **e_text,
@@ -272,7 +272,7 @@ _kdc_encode_reply(krb5_context context,
ASN1_MALLOC_ENCODE(EncTicketPart, buf, buf_size, et, &len, ret);
if(ret) {
- kdc_log(context, config, 0, "Failed to encode ticket: %s",
+ kdc_log(context, config, 0, "Failed to encode ticket: %s",
krb5_get_err_text(context, ret));
return ret;
}
@@ -291,7 +291,7 @@ _kdc_encode_reply(krb5_context context,
return ret;
}
- ret = krb5_encrypt_EncryptedData(context,
+ ret = krb5_encrypt_EncryptedData(context,
crypto,
KRB5_KU_TICKET,
buf,
@@ -305,13 +305,13 @@ _kdc_encode_reply(krb5_context context,
krb5_get_err_text(context, ret));
return ret;
}
-
+
if(rep->msg_type == krb_as_rep && !config->encode_as_rep_as_tgs_rep)
ASN1_MALLOC_ENCODE(EncASRepPart, buf, buf_size, ek, &len, ret);
else
ASN1_MALLOC_ENCODE(EncTGSRepPart, buf, buf_size, ek, &len, ret);
if(ret) {
- kdc_log(context, config, 0, "Failed to encode KDC-REP: %s",
+ kdc_log(context, config, 0, "Failed to encode KDC-REP: %s",
krb5_get_err_text(context, ret));
return ret;
}
@@ -351,7 +351,7 @@ _kdc_encode_reply(krb5_context context,
}
krb5_crypto_destroy(context, crypto);
if(ret) {
- kdc_log(context, config, 0, "Failed to encode KDC-REP: %s",
+ kdc_log(context, config, 0, "Failed to encode KDC-REP: %s",
krb5_get_err_text(context, ret));
return ret;
}
@@ -381,7 +381,7 @@ older_enctype(krb5_enctype enctype)
case ETYPE_DES3_CBC_SHA1:
case ETYPE_ARCFOUR_HMAC_MD5:
case ETYPE_ARCFOUR_HMAC_MD5_56:
- /*
+ /*
* The following three is "old" windows enctypes and is needed for
* windows 2000 hosts.
*/
@@ -423,7 +423,7 @@ make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY *ent, Key *key)
else if(key->salt->type == hdb_afs3_salt)
*ent->salttype = 2;
else {
- kdc_log(context, config, 0, "unknown salt-type: %d",
+ kdc_log(context, config, 0, "unknown salt-type: %d",
key->salt->type);
return KRB5KRB_ERR_GENERIC;
}
@@ -436,7 +436,7 @@ make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY *ent, Key *key)
ALLOC(ent->salttype);
*ent->salttype = key->salt->type;
#else
- /*
+ /*
* We shouldn't sent salttype since it is incompatible with the
* specification and it breaks windows clients. The afs
* salting problem is solved by using KRB5-PADATA-AFS3-SALT
@@ -459,9 +459,9 @@ make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY *ent, Key *key)
}
static krb5_error_code
-get_pa_etype_info(krb5_context context,
+get_pa_etype_info(krb5_context context,
krb5_kdc_configuration *config,
- METHOD_DATA *md, hdb_entry *client,
+ METHOD_DATA *md, hdb_entry *client,
ENCTYPE *etypes, unsigned int etypes_len)
{
krb5_error_code ret = 0;
@@ -470,7 +470,7 @@ get_pa_etype_info(krb5_context context,
ETYPE_INFO pa;
unsigned char *buf;
size_t len;
-
+
pa.len = client->keys.len;
if(pa.len > UINT_MAX/sizeof(*pa.val))
@@ -492,8 +492,8 @@ get_pa_etype_info(krb5_context context,
continue;
if (n >= pa.len)
krb5_abortx(context, "internal error: n >= p.len");
- if((ret = make_etype_info_entry(context,
- &pa.val[n++],
+ if((ret = make_etype_info_entry(context,
+ &pa.val[n++],
&client->keys.val[i])) != 0) {
free_ETYPE_INFO(&pa);
return ret;
@@ -515,15 +515,15 @@ get_pa_etype_info(krb5_context context,
continue;
if (n >= pa.len)
krb5_abortx(context, "internal error: n >= p.len");
- if((ret = make_etype_info_entry(context,
- &pa.val[n++],
+ if((ret = make_etype_info_entry(context,
+ &pa.val[n++],
&client->keys.val[i])) != 0) {
free_ETYPE_INFO(&pa);
return ret;
}
skip2:;
}
-
+
if(n < pa.len) {
/* stripped out dups, newer enctypes, and not valid enctypes */
pa.len = n;
@@ -584,8 +584,8 @@ make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent, Key *key)
ent->s2kparams = NULL;
return ENOMEM;
}
- _krb5_put_int(ent->s2kparams->data,
- _krb5_AES_string_to_default_iterator,
+ _krb5_put_int(ent->s2kparams->data,
+ _krb5_AES_string_to_default_iterator,
ent->s2kparams->length);
break;
case ETYPE_DES_CBC_CRC:
@@ -603,7 +603,7 @@ make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent, Key *key)
ent->s2kparams = NULL;
return ENOMEM;
}
- _krb5_put_int(ent->s2kparams->data,
+ _krb5_put_int(ent->s2kparams->data,
1,
ent->s2kparams->length);
}
@@ -621,9 +621,9 @@ make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent, Key *key)
*/
static krb5_error_code
-get_pa_etype_info2(krb5_context context,
+get_pa_etype_info2(krb5_context context,
krb5_kdc_configuration *config,
- METHOD_DATA *md, hdb_entry *client,
+ METHOD_DATA *md, hdb_entry *client,
ENCTYPE *etypes, unsigned int etypes_len)
{
krb5_error_code ret = 0;
@@ -651,7 +651,7 @@ get_pa_etype_info2(krb5_context context,
continue;
if (n >= pa.len)
krb5_abortx(context, "internal error: n >= p.len");
- if((ret = make_etype_info2_entry(&pa.val[n++],
+ if((ret = make_etype_info2_entry(&pa.val[n++],
&client->keys.val[i])) != 0) {
free_ETYPE_INFO2(&pa);
return ret;
@@ -679,7 +679,7 @@ get_pa_etype_info2(krb5_context context,
}
skip2:;
}
-
+
if(n < pa.len) {
/* stripped out dups, and not valid enctypes */
pa.len = n;
@@ -715,7 +715,7 @@ log_as_req(krb5_context context,
struct rk_strpool *p = NULL;
char *str;
int i;
-
+
for (i = 0; i < b->etype.len; i++) {
ret = krb5_enctype_to_string(context, b->etype.val[i], &str);
if (ret == 0) {
@@ -732,7 +732,7 @@ log_as_req(krb5_context context,
}
if (p == NULL)
p = rk_strpoolprintf(p, "no encryption types");
-
+
str = rk_strpoolcollect(p);
kdc_log(context, config, 0, "Client supported enctypes: %s", str);
free(str);
@@ -753,10 +753,10 @@ log_as_req(krb5_context context,
if (ret != 0)
kdc_log(context, config, 5, "Using e-types %d/%d", cetype, setype);
}
-
+
{
char fixedstr[128];
- unparse_flags(KDCOptions2int(b->kdc_options), asn1_KDCOptions_units(),
+ unparse_flags(KDCOptions2int(b->kdc_options), asn1_KDCOptions_units(),
fixedstr, sizeof(fixedstr));
if(*fixedstr)
kdc_log(context, config, 2, "Requested flags: %s", fixedstr);
@@ -770,7 +770,7 @@ log_as_req(krb5_context context,
*/
krb5_error_code
-_kdc_check_flags(krb5_context context,
+_kdc_check_flags(krb5_context context,
krb5_kdc_configuration *config,
hdb_entry_ex *client_ex, const char *client_name,
hdb_entry_ex *server_ex, const char *server_name,
@@ -781,7 +781,7 @@ _kdc_check_flags(krb5_context context,
/* check client */
if (client->flags.invalid) {
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"Client (%s) has invalid bit set", client_name);
return KRB5KDC_ERR_POLICY;
}
@@ -794,38 +794,38 @@ _kdc_check_flags(krb5_context context,
if (client->valid_start && *client->valid_start > kdc_time) {
char starttime_str[100];
- krb5_format_time(context, *client->valid_start,
- starttime_str, sizeof(starttime_str), TRUE);
+ krb5_format_time(context, *client->valid_start,
+ starttime_str, sizeof(starttime_str), TRUE);
kdc_log(context, config, 0,
- "Client not yet valid until %s -- %s",
+ "Client not yet valid until %s -- %s",
starttime_str, client_name);
return KRB5KDC_ERR_CLIENT_NOTYET;
}
if (client->valid_end && *client->valid_end < kdc_time) {
char endtime_str[100];
- krb5_format_time(context, *client->valid_end,
- endtime_str, sizeof(endtime_str), TRUE);
+ krb5_format_time(context, *client->valid_end,
+ endtime_str, sizeof(endtime_str), TRUE);
kdc_log(context, config, 0,
"Client expired at %s -- %s",
endtime_str, client_name);
return KRB5KDC_ERR_NAME_EXP;
}
- if (client->pw_end && *client->pw_end < kdc_time
+ if (client->pw_end && *client->pw_end < kdc_time
&& (server_ex == NULL || !server_ex->entry.flags.change_pw)) {
char pwend_str[100];
- krb5_format_time(context, *client->pw_end,
- pwend_str, sizeof(pwend_str), TRUE);
+ krb5_format_time(context, *client->pw_end,
+ pwend_str, sizeof(pwend_str), TRUE);
kdc_log(context, config, 0,
- "Client's key has expired at %s -- %s",
+ "Client's key has expired at %s -- %s",
pwend_str, client_name);
return KRB5KDC_ERR_KEY_EXPIRED;
}
}
/* check server */
-
+
if (server_ex != NULL) {
hdb_entry *server = &server_ex->entry;
@@ -849,8 +849,8 @@ _kdc_check_flags(krb5_context context,
if (server->valid_start && *server->valid_start > kdc_time) {
char starttime_str[100];
- krb5_format_time(context, *server->valid_start,
- starttime_str, sizeof(starttime_str), TRUE);
+ krb5_format_time(context, *server->valid_start,
+ starttime_str, sizeof(starttime_str), TRUE);
kdc_log(context, config, 0,
"Server not yet valid until %s -- %s",
starttime_str, server_name);
@@ -859,20 +859,20 @@ _kdc_check_flags(krb5_context context,
if (server->valid_end && *server->valid_end < kdc_time) {
char endtime_str[100];
- krb5_format_time(context, *server->valid_end,
- endtime_str, sizeof(endtime_str), TRUE);
+ krb5_format_time(context, *server->valid_end,
+ endtime_str, sizeof(endtime_str), TRUE);
kdc_log(context, config, 0,
- "Server expired at %s -- %s",
+ "Server expired at %s -- %s",
endtime_str, server_name);
return KRB5KDC_ERR_SERVICE_EXP;
}
if (server->pw_end && *server->pw_end < kdc_time) {
char pwend_str[100];
- krb5_format_time(context, *server->pw_end,
- pwend_str, sizeof(pwend_str), TRUE);
+ krb5_format_time(context, *server->pw_end,
+ pwend_str, sizeof(pwend_str), TRUE);
kdc_log(context, config, 0,
- "Server's key has expired at -- %s",
+ "Server's key has expired at -- %s",
pwend_str, server_name);
return KRB5KDC_ERR_KEY_EXPIRED;
}
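Review bot: The `kdc_log` call for an expired server key passes two strings, `pwend_str` and `server_name`, but its format `"Server's key has expired at -- %s"` has only one `%s`, so the log line prints the expiry time where the principal belongs and never names the server. The matching client message earlier in `_kdc_check_flags` uses `"Client's key has expired at %s -- %s"`, and the server message should follow it: `"Server's key has expired at %s -- %s",`. This cleanup touches the line but leaves the string unchanged, so the audit record for this policy failure stays misleading. The function begins and ends outside this hunk.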
@@ -887,7 +887,7 @@ _kdc_check_flags(krb5_context context,
*/
krb5_boolean
-_kdc_check_addresses(krb5_context context,
+_kdc_check_addresses(krb5_context context,
krb5_kdc_configuration *config,
HostAddresses *addresses, const struct sockaddr *from)
{
@@ -896,13 +896,13 @@ _kdc_check_addresses(krb5_context context,
krb5_boolean result;
krb5_boolean only_netbios = TRUE;
int i;
-
+
if(config->check_ticket_addresses == 0)
return TRUE;
if(addresses == NULL)
return config->allow_null_ticket_addresses;
-
+
for (i = 0; i < addresses->len; ++i) {
if (addresses->val[i].addr_type != KRB5_ADDRESS_NETBIOS) {
only_netbios = FALSE;
@@ -938,7 +938,7 @@ send_pac_p(krb5_context context, KDC_REQ *req)
PA_PAC_REQUEST pacreq;
const PA_DATA *pa;
int i = 0;
-
+
pa = _kdc_find_padata(req, &i, KRB5_PADATA_PA_PAC_REQUEST);
if (pa == NULL)
return TRUE;
@@ -961,10 +961,10 @@ send_pac_p(krb5_context context, KDC_REQ *req)
*/
krb5_error_code
-_kdc_as_rep(krb5_context context,
+_kdc_as_rep(krb5_context context,
krb5_kdc_configuration *config,
- KDC_REQ *req,
- const krb5_data *req_buffer,
+ KDC_REQ *req,
+ const krb5_data *req_buffer,
krb5_data *reply,
const char *from,
struct sockaddr *from_addr,
@@ -1008,11 +1008,11 @@ _kdc_as_rep(krb5_context context,
ret = krb5_unparse_name(context, server_princ, &server_name);
}
if (ret) {
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"AS-REQ malformed server name from %s", from);
goto out;
}
-
+
if(b->cname == NULL){
ret = KRB5KRB_ERR_GENERIC;
e_text = "No client in request";
@@ -1022,7 +1022,7 @@ _kdc_as_rep(krb5_context context,
if (b->cname->name_string.len != 1) {
kdc_log(context, config, 0,
"AS-REQ malformed canon request from %s, "
- "enterprise name with %d name components",
+ "enterprise name with %d name components",
from, b->cname->name_string.len);
ret = KRB5_PARSE_MALFORMED;
goto out;
@@ -1047,10 +1047,10 @@ _kdc_as_rep(krb5_context context,
goto out;
}
- kdc_log(context, config, 0, "AS-REQ %s from %s for %s",
+ kdc_log(context, config, 0, "AS-REQ %s from %s for %s",
client_name, from, server_name);
- ret = _kdc_db_fetch(context, config, client_princ,
+ ret = _kdc_db_fetch(context, config, client_princ,
HDB_F_GET_CLIENT | flags, NULL, &client);
if(ret){
kdc_log(context, config, 0, "UNKNOWN -- %s: %s", client_name,
@@ -1073,7 +1073,7 @@ _kdc_as_rep(krb5_context context,
if(ret)
goto out;
- ret = _kdc_check_flags(context, config,
+ ret = _kdc_check_flags(context, config,
client, client_name,
server, server_name,
TRUE);
@@ -1091,7 +1091,7 @@ _kdc_as_rep(krb5_context context,
log_patypes(context, config, req->padata);
#ifdef PKINIT
- kdc_log(context, config, 5,
+ kdc_log(context, config, 5,
"Looking for PKINIT pa-data -- %s", client_name);
e_text = "No PKINIT PA found";
@@ -1110,8 +1110,8 @@ _kdc_as_rep(krb5_context context,
ret = _kdc_pk_rd_padata(context, config, req, pa, &pkp);
if (ret) {
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- kdc_log(context, config, 5,
- "Failed to decode PKINIT PA-DATA -- %s",
+ kdc_log(context, config, 5,
+ "Failed to decode PKINIT PA-DATA -- %s",
client_name);
goto ts_enc;
}
@@ -1135,7 +1135,7 @@ _kdc_as_rep(krb5_context context,
found_pa = 1;
et.flags.pre_authent = 1;
kdc_log(context, config, 0,
- "PKINIT pre-authentication succeeded -- %s using %s",
+ "PKINIT pre-authentication succeeded -- %s using %s",
client_name, client_cert);
free(client_cert);
if (pkp)
@@ -1143,7 +1143,7 @@ _kdc_as_rep(krb5_context context,
}
ts_enc:
#endif
- kdc_log(context, config, 5, "Looking for ENC-TS pa-data -- %s",
+ kdc_log(context, config, 5, "Looking for ENC-TS pa-data -- %s",
client_name);
i = 0;
@@ -1155,21 +1155,21 @@ _kdc_as_rep(krb5_context context,
EncryptedData enc_data;
Key *pa_key;
char *str;
-
+
found_pa = 1;
-
+
ret = decode_EncryptedData(pa->padata_value.data,
pa->padata_value.length,
&enc_data,
&len);
if (ret) {
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- kdc_log(context, config, 5, "Failed to decode PA-DATA -- %s",
+ kdc_log(context, config, 5, "Failed to decode PA-DATA -- %s",
client_name);
goto out;
}
-
- ret = hdb_enctype2key(context, &client->entry,
+
+ ret = hdb_enctype2key(context, &client->entry,
enc_data.etype, &pa_key);
if(ret){
char *estr;
@@ -1178,15 +1178,15 @@ _kdc_as_rep(krb5_context context,
if(krb5_enctype_to_string(context, enc_data.etype, &estr))
estr = NULL;
if(estr == NULL)
- kdc_log(context, config, 5,
- "No client key matching pa-data (%d) -- %s",
+ kdc_log(context, config, 5,
+ "No client key matching pa-data (%d) -- %s",
enc_data.etype, client_name);
else
kdc_log(context, config, 5,
- "No client key matching pa-data (%s) -- %s",
+ "No client key matching pa-data (%s) -- %s",
estr, client_name);
free(estr);
-
+
free_EncryptedData(&enc_data);
continue;
}
@@ -1208,19 +1208,19 @@ _kdc_as_rep(krb5_context context,
krb5_crypto_destroy(context, crypto);
if(ret){
krb5_error_code ret2;
- ret2 = krb5_enctype_to_string(context,
+ ret2 = krb5_enctype_to_string(context,
pa_key->key.keytype, &str);
if (ret2)
str = NULL;
- kdc_log(context, config, 5,
+ kdc_log(context, config, 5,
"Failed to decrypt PA-DATA -- %s "
"(enctype %s) error %s",
client_name,
- str ? str : "unknown enctype",
+ str ? str : "unknown enctype",
krb5_get_err_text(context, ret));
free(str);
- if(hdb_next_enctype2key(context, &client->entry,
+ if(hdb_next_enctype2key(context, &client->entry,
enc_data.etype, &pa_key) == 0)
goto try_next_key;
e_text = "Failed to decrypt PA-DATA";
@@ -1238,7 +1238,7 @@ _kdc_as_rep(krb5_context context,
if(ret){
e_text = "Failed to decode PA-ENC-TS-ENC";
ret = KRB5KDC_ERR_PREAUTH_FAILED;
- kdc_log(context, config,
+ kdc_log(context, config,
5, "Failed to decode PA-ENC-TS_ENC -- %s",
client_name);
continue;
@@ -1247,20 +1247,20 @@ _kdc_as_rep(krb5_context context,
if (abs(kdc_time - p.patimestamp) > context->max_skew) {
char client_time[100];
- krb5_format_time(context, p.patimestamp,
- client_time, sizeof(client_time), TRUE);
+ krb5_format_time(context, p.patimestamp,
+ client_time, sizeof(client_time), TRUE);
ret = KRB5KRB_AP_ERR_SKEW;
kdc_log(context, config, 0,
"Too large time skew, "
- "client time %s is out by %u > %u seconds -- %s",
- client_time,
- (unsigned)abs(kdc_time - p.patimestamp),
+ "client time %s is out by %u > %u seconds -- %s",
+ client_time,
+ (unsigned)abs(kdc_time - p.patimestamp),
context->max_skew,
client_name);
#if 1
/* This code is from samba, needs testing */
- /*
+ /*
* the following is needed to make windows clients
* to retry using the timestamp in the error message
*
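Review bot: The skew test `abs(kdc_time - p.patimestamp) > context->max_skew`, and the `(unsigned)abs(...)` in the log arguments, pass a time difference through `abs()`, which takes an `int`. If `kdc_time` and `p.patimestamp` are `time_t` values wider than `int` (their declarations are outside this hunk), the difference is truncated before the comparison. The freshness check on the encrypted timestamp is then made on a wrapped value. Computing the difference in the wide type avoids this: `time_t skew = kdc_time > p.patimestamp ? kdc_time - p.patimestamp : p.patimestamp - kdc_time;`, then compare and log that value.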
@@ -1280,7 +1280,7 @@ _kdc_as_rep(krb5_context context,
str = NULL;
kdc_log(context, config, 2,
- "ENC-TS Pre-authentication succeeded -- %s using %s",
+ "ENC-TS Pre-authentication succeeded -- %s using %s",
client_name, str ? str : "unknown enctype");
free(str);
break;
@@ -1305,7 +1305,7 @@ _kdc_as_rep(krb5_context context,
unsigned char *buf;
size_t len;
- use_pa:
+ use_pa:
method_data.len = 0;
method_data.val = NULL;
@@ -1329,8 +1329,8 @@ _kdc_as_rep(krb5_context context,
pa->padata_value.data = NULL;
#endif
- /*
- * RFC4120 requires:
+ /*
+ * RFC4120 requires:
* - If the client only knows about old enctypes, then send
* both info replies (we send 'info' first in the list).
* - If the client is 'modern', because it knows about 'new'
@@ -1340,10 +1340,10 @@ _kdc_as_rep(krb5_context context,
/* XXX check ret */
if (only_older_enctype_p(req))
ret = get_pa_etype_info(context, config,
- &method_data, &client->entry,
- b->etype.val, b->etype.len);
+ &method_data, &client->entry,
+ b->etype.val, b->etype.len);
/* XXX check ret */
- ret = get_pa_etype_info2(context, config, &method_data,
+ ret = get_pa_etype_info2(context, config, &method_data,
&client->entry, b->etype.val, b->etype.len);
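Review bot: The return value of `get_pa_etype_info` is overwritten by the `get_pa_etype_info2` call that follows without ever being tested, as both `/* XXX check ret */` markers already admit. A failure while building the first etype-info list is therefore lost, and the pre-authentication hint sent back to the client may be incomplete. The second call should only run on success, `if (ret == 0) ret = get_pa_etype_info2(...)`, followed by an error exit that releases `method_data`. The cleanup path of `_kdc_as_rep` is outside this hunk, so the exact exit label has to be checked there.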
@@ -1361,7 +1361,7 @@ _kdc_as_rep(krb5_context context,
client_name);
goto out;
}
-
+
/*
* Find the client key (for preauth ENC-TS verification and reply
* encryption). Then the best encryption type for the KDC and
@@ -1372,7 +1372,7 @@ _kdc_as_rep(krb5_context context,
ret = _kdc_find_etype(context, client, b->etype.val, b->etype.len,
&ckey, &cetype);
if (ret) {
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"Client (%s) has no support for etypes", client_name);
goto out;
}
@@ -1383,7 +1383,7 @@ _kdc_as_rep(krb5_context context,
if(ret)
goto out;
- /*
+ /*
* Select a session enctype from the list of the crypto systems
* supported enctype, is supported by the client and is one of the
* enctype of the enctype of the krbtgt.
@@ -1415,13 +1415,13 @@ _kdc_as_rep(krb5_context context,
Key *dummy;
/* check with client */
if (p[i] != b->etype.val[j])
- continue;
+ continue;
/* save best of union of { client, crypto system } */
if (clientbest == ETYPE_NULL)
clientbest = p[i];
/* check with krbtgt */
ret = hdb_enctype2key(context, &server->entry, p[i], &dummy);
- if (ret)
+ if (ret)
continue;
sessionetype = p[i];
}
@@ -1432,8 +1432,8 @@ _kdc_as_rep(krb5_context context,
} else if (sessionetype == ETYPE_NULL) {
kdc_log(context, config, 0,
"Client (%s) from %s has no common enctypes with KDC"
- "to use for the session key",
- client_name, from);
+ "to use for the session key",
+ client_name, from);
goto out;
}
}
@@ -1446,18 +1446,18 @@ _kdc_as_rep(krb5_context context,
kdc_log(context, config, 0, "Bad KDC options -- %s", client_name);
goto out;
}
-
+
rep.pvno = 5;
rep.msg_type = krb_as_rep;
copy_Realm(&client->entry.principal->realm, &rep.crealm);
if (f.request_anonymous)
_kdc_make_anonymous_principalname (&rep.cname);
else
- _krb5_principal2principalname(&rep.cname,
+ _krb5_principal2principalname(&rep.cname,
client->entry.principal);
rep.ticket.tkt_vno = 5;
copy_Realm(&server->entry.principal->realm, &rep.ticket.realm);
- _krb5_principal2principalname(&rep.ticket.sname,
+ _krb5_principal2principalname(&rep.ticket.sname,
server->entry.principal);
/* java 1.6 expects the name to be the same type, lets allow that
* uncomplicated name-types. */
@@ -1479,7 +1479,7 @@ _kdc_as_rep(krb5_context context,
et.flags.proxiable = f.proxiable;
else if (f.proxiable) {
ret = KRB5KDC_ERR_POLICY;
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"Ticket may not be proxiable -- %s", client_name);
goto out;
}
@@ -1505,13 +1505,13 @@ _kdc_as_rep(krb5_context context,
goto out;
copy_PrincipalName(&rep.cname, &et.cname);
copy_Realm(&rep.crealm, &et.crealm);
-
+
{
time_t start;
time_t t;
start = et.authtime = kdc_time;
-
+
if(f.postdated && req->req_body.from){
ALLOC(et.starttime);
start = *et.starttime = *req->req_body.from;
@@ -1559,15 +1559,15 @@ _kdc_as_rep(krb5_context context,
if (f.request_anonymous)
et.flags.anonymous = 1;
-
+
if(b->addresses){
ALLOC(et.caddr);
copy_HostAddresses(b->addresses, et.caddr);
}
-
+
et.transited.tr_type = DOMAIN_X500_COMPRESS;
- krb5_data_zero(&et.transited.contents);
-
+ krb5_data_zero(&et.transited.contents);
+
copy_EncryptionKey(&et.key, &ek.key);
/* The MIT ASN.1 library (obviously) doesn't tell lengths encoded
@@ -1607,7 +1607,7 @@ _kdc_as_rep(krb5_context context,
ALLOC(ek.key_expiration);
if (client->entry.valid_end) {
if (client->entry.pw_end)
- *ek.key_expiration = min(*client->entry.valid_end,
+ *ek.key_expiration = min(*client->entry.valid_end,
*client->entry.pw_end);
else
*ek.key_expiration = *client->entry.valid_end;
@@ -1640,8 +1640,8 @@ _kdc_as_rep(krb5_context context,
reply_key = &ckey->key;
#if PKINIT
if (pkp) {
- ret = _kdc_pk_mk_pa_reply(context, config, pkp, client,
- req, req_buffer,
+ ret = _kdc_pk_mk_pa_reply(context, config, pkp, client,
+ req, req_buffer,
&reply_key, rep.padata);
if (ret)
goto out;
@@ -1671,7 +1671,7 @@ _kdc_as_rep(krb5_context context,
ASN1_MALLOC_ENCODE(PA_ClientCanonicalizedNames, data.data, data.length,
&canon.names, &len, ret);
- if (ret)
+ if (ret)
goto out;
if (data.length != len)
krb5_abortx(context, "internal asn.1 error");
@@ -1683,7 +1683,7 @@ _kdc_as_rep(krb5_context context,
goto out;
}
- ret = krb5_create_checksum(context, crypto,
+ ret = krb5_create_checksum(context, crypto,
KRB5_KU_CANONICALIZED_NAMES, 0,
data.data, data.length,
&canon.canon_checksum);
@@ -1691,11 +1691,11 @@ _kdc_as_rep(krb5_context context,
krb5_crypto_destroy(context, crypto);
if (ret)
goto out;
-
+
ASN1_MALLOC_ENCODE(PA_ClientCanonicalized, data.data, data.length,
&canon, &len, ret);
free_Checksum(&canon.canon_checksum);
- if (ret)
+ if (ret)
goto out;
if (data.length != len)
krb5_abortx(context, "internal asn.1 error");
@@ -1720,19 +1720,19 @@ _kdc_as_rep(krb5_context context,
ret = _kdc_pac_generate(context, client, &p);
if (ret) {
- kdc_log(context, config, 0, "PAC generation failed for -- %s",
+ kdc_log(context, config, 0, "PAC generation failed for -- %s",
client_name);
goto out;
}
if (p != NULL) {
ret = _krb5_pac_sign(context, p, et.authtime,
client->entry.principal,
- &skey->key, /* Server key */
+ &skey->key, /* Server key */
&skey->key, /* FIXME: should be krbtgt key */
&data);
krb5_pac_free(context, p);
if (ret) {
- kdc_log(context, config, 0, "PAC signing failed for -- %s",
+ kdc_log(context, config, 0, "PAC signing failed for -- %s",
client_name);
goto out;
}
@@ -1746,7 +1746,7 @@ _kdc_as_rep(krb5_context context,
}
}
- _kdc_log_timestamp(context, config, "AS-REQ", et.authtime, et.starttime,
+ _kdc_log_timestamp(context, config, "AS-REQ", et.authtime, et.starttime,
et.endtime, et.renew_till);
/* do this as the last thing since this signs the EncTicketPart */
@@ -1760,9 +1760,9 @@ _kdc_as_rep(krb5_context context,
if (ret)
goto out;
- ret = _kdc_encode_reply(context, config,
- &rep, &et, &ek, setype, server->entry.kvno,
- &skey->key, client->entry.kvno,
+ ret = _kdc_encode_reply(context, config,
+ &rep, &et, &ek, setype, server->entry.kvno,
+ &skey->key, client->entry.kvno,
reply_key, &e_text, reply);
free_EncTicketPart(&et);
free_EncKDCRepPart(&ek);
@@ -1810,8 +1810,8 @@ out:
}
/*
- * Add the AuthorizationData `data´ of `type´ to the last element in
- * the sequence of authorization_data in `tkt´ wrapped in an IF_RELEVANT
+ * Add the AuthorizationData `data´ of `type´ to the last element in
+ * the sequence of authorization_data in `tkt´ wrapped in an IF_RELEVANT
*/
krb5_error_code
@@ -1847,8 +1847,8 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context,
ade.ad_type = KRB5_AUTHDATA_IF_RELEVANT;
- ASN1_MALLOC_ENCODE(AuthorizationData,
- ade.ad_data.data, ade.ad_data.length,
+ ASN1_MALLOC_ENCODE(AuthorizationData,
+ ade.ad_data.data, ade.ad_data.length,
&ad, &size, ret);
free_AuthorizationData(&ad);
if (ret) {
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index d557da2a5b..b986279ad4 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2008 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2008 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -501,7 +501,7 @@ check_constrained_delegation(krb5_context context,
ret = hdb_entry_get_ConstrainedDelegACL(&client->entry, &acl);
if (ret) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
return ret;
}
@@ -888,7 +888,7 @@ tgs_make_reply(krb5_context context,
}
if (krb5_enctype_valid(context, et.key.keytype) != 0
- && _kdc_is_weak_expection(server->entry.principal, et.key.keytype))
+ && _kdc_is_weak_expection(server->entry.principal, et.key.keytype))
{
krb5_enctype_enable(context, et.key.keytype);
is_weak = 1;
@@ -1295,7 +1295,7 @@ build_server_referral(krb5_context context,
memset(&ref, 0, sizeof(ref));
if (referred_realm) {
- ref.referred_realm = malloc(sizeof(ref.referred_realm));
+ ALLOC(ref.referred_realm);
if (ref.referred_realm == NULL)
goto eout;
*ref.referred_realm = strdup(referred_realm);
@@ -1303,8 +1303,7 @@ build_server_referral(krb5_context context,
goto eout;
}
if (true_principal_name) {
- ref.true_principal_name =
- malloc(sizeof(ref.true_principal_name));
+ ALLOC(ref.true_principal_name);
if (ref.true_principal_name == NULL)
goto eout;
ret = copy_PrincipalName(true_principal_name, ref.true_principal_name);
@@ -1312,8 +1311,7 @@ build_server_referral(krb5_context context,
goto eout;
}
if (requested_principal) {
- ref.requested_principal_name =
- malloc(sizeof(ref.requested_principal_name));
+ ALLOC(ref.requested_principal_name);
if (ref.requested_principal_name == NULL)
goto eout;
ret = copy_PrincipalName(requested_principal,
@@ -1393,8 +1391,6 @@ tgs_build_reply(krb5_context context,
char opt_str[128];
int signedpath = 0;
- Key *tkey;
-
memset(&sessionkey, 0, sizeof(sessionkey));
memset(&adtkt, 0, sizeof(adtkt));
krb5_data_zero(&rspac);
@@ -1582,7 +1578,7 @@ server_lookup:
if(i == b->etype.len) {
kdc_log(context, config, 0,
"Addition ticket have not matching etypes", spp);
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
return KRB5KDC_ERR_ETYPE_NOSUPP;
}
etype = b->etype.val[i];
@@ -1632,22 +1628,26 @@ server_lookup:
}
/* check PAC if not cross realm and if there is one */
- ret = hdb_enctype2key(context, &krbtgt->entry,
- krbtgt_etype, &tkey);
- if(ret) {
- kdc_log(context, config, 0,
+ if (!cross_realm) {
+ Key *tkey;
+
+ ret = hdb_enctype2key(context, &krbtgt->entry,
+ krbtgt_etype, &tkey);
+ if(ret) {
+ kdc_log(context, config, 0,
"Failed to find key for krbtgt PAC check");
- goto out;
- }
+ goto out;
+ }
- ret = check_PAC(context, config, cp,
- client, server, ekey, &tkey->key,
- tgt, &rspac, &signedpath);
- if (ret) {
- kdc_log(context, config, 0,
- "Verify PAC failed for %s (%s) from %s with %s",
- spn, cpn, from, krb5_get_err_text(context, ret));
- goto out;
+ ret = check_PAC(context, config, cp,
+ client, server, ekey, &tkey->key,
+ tgt, &rspac, &signedpath);
+ if (ret) {
+ kdc_log(context, config, 0,
+ "Verify PAC failed for %s (%s) from %s with %s",
+ spn, cpn, from, krb5_get_err_text(context, ret));
+ goto out;
+ }
}
/* also check the krbtgt for signature */
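Review bot: With the new `if (!cross_realm)` guard a cross-realm request skips `check_PAC` entirely, so `rspac` stays empty and `signedpath` stays 0 as initialised at the top of `tgs_build_reply` (hunk at -1393). Nothing in this hunk records that a PAC was left unverified. Whatever consumes `signedpath` and `rspac` later in the function is outside the hunk, as is the place where `cross_realm` is set, so please confirm those paths fail closed for cross-realm tickets. I would add a comment above the guard, `/* cross-realm TGT: PAC is neither verified nor propagated; rspac stays empty and signedpath stays 0 */`, and consider a `kdc_log` line at the skip so the decision shows up in the KDC log.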
diff --git a/source4/heimdal/kdc/kx509.c b/source4/heimdal/kdc/kx509.c
index 33991d1907..83e05b81c5 100644
--- a/source4/heimdal/kdc/kx509.c
+++ b/source4/heimdal/kdc/kx509.c
@@ -1,34 +1,34 @@
/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
+ * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
*
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include "kdc_locl.h"
@@ -59,13 +59,13 @@ _kdc_try_kx509_request(void *ptr, size_t len, Kx509Request *req, size_t *size)
static const unsigned char version_2_0[4] = {0 , 0, 2, 0};
static krb5_error_code
-verify_req_hash(krb5_context context,
+verify_req_hash(krb5_context context,
const Kx509Request *req,
krb5_keyblock *key)
{
unsigned char digest[SHA_DIGEST_LENGTH];
HMAC_CTX ctx;
-
+
if (req->pk_hash.length != sizeof(digest)) {
krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
"pk-hash have wrong length: %lu",
@@ -74,8 +74,8 @@ verify_req_hash(krb5_context context,
}
HMAC_CTX_init(&ctx);
- HMAC_Init_ex(&ctx,
- key->keyvalue.data, key->keyvalue.length,
+ HMAC_Init_ex(&ctx,
+ key->keyvalue.data, key->keyvalue.length,
EVP_sha1(), NULL);
if (sizeof(digest) != HMAC_size(&ctx))
krb5_abortx(context, "runtime error, hmac buffer wrong size in kx509");
@@ -98,11 +98,11 @@ calculate_reply_hash(krb5_context context,
Kx509Response *rep)
{
HMAC_CTX ctx;
-
+
HMAC_CTX_init(&ctx);
- HMAC_Init_ex(&ctx,
- key->keyvalue.data, key->keyvalue.length,
+ HMAC_Init_ex(&ctx,
+ key->keyvalue.data, key->keyvalue.length,
EVP_sha1(), NULL);
rep->hash->length = HMAC_size(&ctx);
rep->hash->data = malloc(rep->hash->length);
@@ -133,11 +133,11 @@ calculate_reply_hash(krb5_context context,
}
/*
- * Build a certifate for `principal´ that will expire at `endtime´.
+ * Build a certifate for `principal´ that will expire at `endtime´.
*/
static krb5_error_code
-build_certificate(krb5_context context,
+build_certificate(krb5_context context,
krb5_kdc_configuration *config,
const krb5_data *key,
time_t endtime,
@@ -159,8 +159,8 @@ build_certificate(krb5_context context,
ret = hx509_context_init(&hxctx);
if (ret)
goto out;
-
- ret = hx509_env_add(hxctx, &env, "principal-name",
+
+ ret = hx509_env_add(hxctx, &env, "principal-name",
krb5_principal_get_comp_string(context, principal, 0));
if (ret)
goto out;
@@ -208,7 +208,7 @@ build_certificate(krb5_context context,
spki.subjectPublicKey.data = key->data;
spki.subjectPublicKey.length = key->length * 8;
- ret = der_copy_oid(oid_id_pkcs1_rsaEncryption(),
+ ret = der_copy_oid(oid_id_pkcs1_rsaEncryption(),
&spki.algorithm.algorithm);
any.data = "\x05\x00";
@@ -239,7 +239,7 @@ build_certificate(krb5_context context,
config->kx509_template);
goto out;
}
- ret = hx509_ca_tbs_set_template(hxctx, tbs,
+ ret = hx509_ca_tbs_set_template(hxctx, tbs,
HX509_CA_TEMPLATE_SUBJECT|
HX509_CA_TEMPLATE_KU|
HX509_CA_TEMPLATE_EKU,
@@ -265,7 +265,7 @@ build_certificate(krb5_context context,
hx509_cert_free(cert);
if (ret)
goto out;
-
+
hx509_context_free(&hxctx);
return 0;
@@ -287,7 +287,7 @@ out:
*/
krb5_error_code
-_kdc_do_kx509(krb5_context context,
+_kdc_do_kx509(krb5_context context,
krb5_kdc_configuration *config,
const Kx509Request *req, krb5_data *reply,
const char *from, struct sockaddr *addr)
@@ -307,7 +307,7 @@ _kdc_do_kx509(krb5_context context,
memset(&rep, 0, sizeof(rep));
if(!config->enable_kx509) {
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"Rejected kx509 request (disabled) from %s", from);
return KRB5KDC_ERR_POLICY;
}
@@ -320,7 +320,7 @@ _kdc_do_kx509(krb5_context context,
goto out;
}
- ret = krb5_rd_req(context,
+ ret = krb5_rd_req(context,
&ac,
&req->authenticator,
NULL,
@@ -337,7 +337,7 @@ _kdc_do_kx509(krb5_context context,
ret = krb5_unparse_name(context, cprincipal, &cname);
if (ret)
goto out;
-
+
/* verify server principal */
ret = krb5_sname_to_principal(context, NULL, "kca_service",
@@ -362,7 +362,7 @@ _kdc_do_kx509(krb5_context context,
goto out;
}
}
-
+
ret = krb5_auth_con_getkey(context, ac, &key);
if (ret == 0 && key == NULL)
ret = KRB5KDC_ERR_NULL_KEY;
@@ -370,7 +370,7 @@ _kdc_do_kx509(krb5_context context,
krb5_set_error_message(context, ret, "Kx509 can't get session key");
goto out;
}
-
+
ret = verify_req_hash(context, req, key);
if (ret)
goto out;
@@ -398,7 +398,7 @@ _kdc_do_kx509(krb5_context context,
goto out;
krb5_data_zero(rep.hash);
- ret = build_certificate(context, config, &req->pk_key,
+ ret = build_certificate(context, config, &req->pk_key,
krb5_ticket_get_endtime(context, ticket),
cprincipal, rep.certificate);
if (ret)
diff --git a/source4/heimdal/kdc/log.c b/source4/heimdal/kdc/log.c
index 98b25b92db..b4161da45d 100644
--- a/source4/heimdal/kdc/log.c
+++ b/source4/heimdal/kdc/log.c
@@ -1,41 +1,41 @@
/*
- * Copyright (c) 1997, 1998, 2002 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
+ * Copyright (c) 1997, 1998, 2002 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
*
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include "kdc_locl.h"
RCSID("$Id$");
void
-kdc_openlog(krb5_context context,
+kdc_openlog(krb5_context context,
krb5_kdc_configuration *config)
{
char **s = NULL, **p;
@@ -57,7 +57,7 @@ kdc_openlog(krb5_context context,
}
char*
-kdc_log_msg_va(krb5_context context,
+kdc_log_msg_va(krb5_context context,
krb5_kdc_configuration *config,
int level, const char *fmt, va_list ap)
{
@@ -67,7 +67,7 @@ kdc_log_msg_va(krb5_context context,
}
char*
-kdc_log_msg(krb5_context context,
+kdc_log_msg(krb5_context context,
krb5_kdc_configuration *config,
int level, const char *fmt, ...)
{
@@ -80,7 +80,7 @@ kdc_log_msg(krb5_context context,
}
void
-kdc_log(krb5_context context,
+kdc_log(krb5_context context,
krb5_kdc_configuration *config,
int level, const char *fmt, ...)
{
diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c
index 0c64dd568e..8a53fc8827 100644
--- a/source4/heimdal/kdc/misc.c
+++ b/source4/heimdal/kdc/misc.c
@@ -1,34 +1,34 @@
/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
*
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include "kdc_locl.h"
@@ -58,11 +58,11 @@ _kdc_db_fetch(krb5_context context,
for(i = 0; i < config->num_db; i++) {
ret = config->db[i]->hdb_open(context, config->db[i], O_RDONLY, 0);
if (ret) {
- kdc_log(context, config, 0, "Failed to open database: %s",
+ kdc_log(context, config, 0, "Failed to open database: %s",
krb5_get_err_text(context, ret));
continue;
}
- ret = config->db[i]->hdb_fetch(context,
+ ret = config->db[i]->hdb_fetch(context,
config->db[i],
principal,
flags | HDB_F_DECRYPT,
@@ -116,7 +116,7 @@ _kdc_get_preferred_key(krb5_context context,
}
}
- krb5_set_error_message(context, EINVAL,
+ krb5_set_error_message(context, EINVAL,
"No valid kerberos key found for %s", name);
return EINVAL;
}
diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c
index 57767c4f48..82358682d8 100644
--- a/source4/heimdal/kdc/pkinit.c
+++ b/source4/heimdal/kdc/pkinit.c
@@ -1,34 +1,34 @@
/*
- * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
+ * Copyright (c) 2003 - 2008 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
*
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include "kdc_locl.h"
@@ -90,7 +90,7 @@ pk_check_pkauthenticator_win2k(krb5_context context,
/* XXX cusec */
if (a->ctime == 0 || abs(a->ctime - now) > context->max_skew) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
return KRB5KRB_AP_ERR_SKEW;
}
return 0;
@@ -112,13 +112,13 @@ pk_check_pkauthenticator(krb5_context context,
/* XXX cusec */
if (a->ctime == 0 || abs(a->ctime - now) > context->max_skew) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
return KRB5KRB_AP_ERR_SKEW;
}
ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, &req->req_body, &len, ret);
if (ret) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
return ret;
}
if (buf_size != len)
@@ -133,18 +133,18 @@ pk_check_pkauthenticator(krb5_context context,
&checksum);
free(buf);
if (ret) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
return ret;
}
if (a->paChecksum == NULL) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
ret = KRB5_KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED;
goto out;
}
if (der_heim_octet_string_cmp(a->paChecksum, &checksum.checksum) != 0) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
ret = KRB5KRB_ERR_GENERIC;
}
@@ -155,7 +155,7 @@ out:
}
void
-_kdc_pk_free_client_param(krb5_context context,
+_kdc_pk_free_client_param(krb5_context context,
pk_client_params *client_params)
{
if (client_params->cert)
@@ -293,7 +293,7 @@ get_dh_param(krb5_context context,
}
- ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits,
+ ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits,
&dhparam.p, &dhparam.g, &dhparam.q, moduli,
&client_params->dh_group_name);
if (ret) {
@@ -327,7 +327,7 @@ get_dh_param(krb5_context context,
&glue,
&size);
if (ret) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
return ret;
}
@@ -344,7 +344,7 @@ get_dh_param(krb5_context context,
client_params->dh = dh;
dh = NULL;
ret = 0;
-
+
out:
if (dh)
DH_free(dh);
@@ -368,10 +368,10 @@ _kdc_pk_rd_padata(krb5_context context,
int have_data = 0;
*ret_params = NULL;
-
+
if (!config->enable_pkinit) {
kdc_log(context, config, 0, "PK-INIT request but PK-INIT not enabled");
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
return 0;
}
@@ -379,7 +379,7 @@ _kdc_pk_rd_padata(krb5_context context,
client_params = calloc(1, sizeof(*client_params));
if (client_params == NULL) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
ret = ENOMEM;
goto out;
}
@@ -405,7 +405,7 @@ _kdc_pk_rd_padata(krb5_context context,
&have_data);
free_PA_PK_AS_REQ_Win2k(&r);
if (ret) {
- krb5_set_error_message(context, ret,
+ krb5_set_error_message(context, ret,
"Can't decode PK-AS-REQ: %d", ret);
goto out;
}
@@ -474,7 +474,7 @@ _kdc_pk_rd_padata(krb5_context context,
hx509_query_free(kdc_identity->hx509ctx, q);
if (ret)
continue;
- hx509_certs_add(kdc_identity->hx509ctx,
+ hx509_certs_add(kdc_identity->hx509ctx,
client_params->client_anchors, cert);
hx509_cert_free(cert);
}
@@ -486,13 +486,13 @@ _kdc_pk_rd_padata(krb5_context context,
&have_data);
free_PA_PK_AS_REQ(&r);
if (ret) {
- krb5_set_error_message(context, ret,
+ krb5_set_error_message(context, ret,
"Can't unwrap ContentInfo: %d", ret);
goto out;
}
- } else {
- krb5_clear_error_string(context);
+ } else {
+ krb5_clear_error_message(context);
ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
goto out;
}
@@ -500,7 +500,7 @@ _kdc_pk_rd_padata(krb5_context context,
ret = der_heim_oid_cmp(&contentInfoOid, oid_id_pkcs7_signedData());
if (ret != 0) {
ret = KRB5KRB_ERR_GENERIC;
- krb5_set_error_message(context, ret,
+ krb5_set_error_message(context, ret,
"PK-AS-REQ-Win2k invalid content type oid");
goto out;
}
@@ -559,8 +559,8 @@ _kdc_pk_rd_padata(krb5_context context,
krb5_set_error_message(context, ret, "can't decode AuthPack: %d", ret);
goto out;
}
-
- ret = pk_check_pkauthenticator_win2k(context,
+
+ ret = pk_check_pkauthenticator_win2k(context,
&ap.pkAuthenticator,
req);
if (ret) {
@@ -590,8 +590,8 @@ _kdc_pk_rd_padata(krb5_context context,
free_AuthPack(&ap);
goto out;
}
-
- ret = pk_check_pkauthenticator(context,
+
+ ret = pk_check_pkauthenticator(context,
&ap.pkAuthenticator,
req);
if (ret) {
@@ -603,7 +603,7 @@ _kdc_pk_rd_padata(krb5_context context,
client_params->nonce = ap.pkAuthenticator.nonce;
if (ap.clientPublicValue) {
- ret = get_dh_param(context, config,
+ ret = get_dh_param(context, config,
ap.clientPublicValue, client_params);
if (ret) {
free_AuthPack(&ap);
@@ -659,7 +659,7 @@ BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer)
integer->length = BN_num_bytes(bn);
integer->data = malloc(integer->length);
if (integer->data == NULL) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
return ENOMEM;
}
BN_bn2bin(bn, integer->data);
@@ -676,7 +676,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
krb5_keyblock *reply_key,
ContentInfo *content_info)
{
- const heim_oid *envelopedAlg = NULL, *sdAlg = NULL;
+ const heim_oid *envelopedAlg = NULL, *sdAlg = NULL, *evAlg = NULL;
krb5_error_code ret;
krb5_data buf, signed_data;
size_t size;
@@ -699,29 +699,31 @@ pk_mk_pa_reply_enckey(krb5_context context,
{
do_win2k = 1;
}
+ sdAlg = oid_id_pkcs7_data();
+ evAlg = oid_id_pkcs7_data();
+ envelopedAlg = oid_id_rsadsi_des_ede3_cbc();
break;
}
case PKINIT_27:
+ sdAlg = oid_id_pkrkeydata();
+ evAlg = oid_id_pkcs7_signedData();
break;
default:
krb5_abortx(context, "internal pkinit error");
- }
+ }
if (do_win2k) {
ReplyKeyPack_Win2k kp;
memset(&kp, 0, sizeof(kp));
- envelopedAlg = oid_id_rsadsi_des_ede3_cbc();
- sdAlg = oid_id_pkcs7_data();
-
ret = copy_EncryptionKey(reply_key, &kp.replyKey);
if (ret) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
goto out;
}
kp.nonce = client_params->nonce;
- ASN1_MALLOC_ENCODE(ReplyKeyPack_Win2k,
+ ASN1_MALLOC_ENCODE(ReplyKeyPack_Win2k,
buf.data, buf.length,
&kp, &size,ret);
free_ReplyKeyPack_Win2k(&kp);
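Review bot: In the `PKINIT_WIN2K` case the three OIDs are now assigned after the inner block that sets `do_win2k`, so `sdAlg = oid_id_pkcs7_data()` applies even if `do_win2k` stays 0 (the condition guarding it is outside the hunk). The line removed from the non-win2k branch in the hunk at -730 always used `oid_id_pkrkeydata()` for a `ReplyKeyPack`. If the new pairing is intended, it deserves a comment in the case, e.g. `/* Win2k-type clients: id-data is used as both the signed and the enveloped content type */`. `envelopedAlg` stays NULL for `PKINIT_27`, so the cipher is presumably left to `hx509_cms_envelope_1`, while the Win2k path pins `oid_id_rsadsi_des_ede3_cbc()`. A short comment that the 3DES choice exists only for that client type would keep it from being reused elsewhere. The switch and the function both begin outside this hunk.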
@@ -730,17 +732,15 @@ pk_mk_pa_reply_enckey(krb5_context context,
ReplyKeyPack kp;
memset(&kp, 0, sizeof(kp));
- sdAlg = oid_id_pkrkeydata();
-
ret = copy_EncryptionKey(reply_key, &kp.replyKey);
if (ret) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
goto out;
}
ret = krb5_crypto_init(context, reply_key, 0, &ascrypto);
if (ret) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
goto out;
}
@@ -748,13 +748,13 @@ pk_mk_pa_reply_enckey(krb5_context context,
req_buffer->data, req_buffer->length,
&kp.asChecksum);
if (ret) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
goto out;
}
-
+
ret = krb5_crypto_destroy(context, ascrypto);
if (ret) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
goto out;
}
ASN1_MALLOC_ENCODE(ReplyKeyPack, buf.data, buf.length, &kp, &size,ret);
@@ -779,9 +779,9 @@ pk_mk_pa_reply_enckey(krb5_context context,
hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
- ret = hx509_certs_find(kdc_identity->hx509ctx,
- kdc_identity->certs,
- q,
+ ret = hx509_certs_find(kdc_identity->hx509ctx,
+ kdc_identity->certs,
+ q,
&cert);
hx509_query_free(kdc_identity->hx509ctx, q);
if (ret)
@@ -802,7 +802,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
}
krb5_data_free(&buf);
- if (ret)
+ if (ret)
goto out;
if (client_params->type == PKINIT_WIN2K) {
@@ -818,12 +818,12 @@ pk_mk_pa_reply_enckey(krb5_context context,
ret = hx509_cms_envelope_1(kdc_identity->hx509ctx,
0,
client_params->cert,
- signed_data.data, signed_data.length,
+ signed_data.data, signed_data.length,
envelopedAlg,
- oid_id_pkcs7_signedData(), &buf);
+ evAlg, &buf);
if (ret)
goto out;
-
+
ret = _krb5_pk_mk_ContentInfo(context,
&buf,
oid_id_pkcs7_envelopedData(),
@@ -875,10 +875,10 @@ pk_mk_pa_reply_dh(krb5_context context,
dh_info.subjectPublicKey.length = buf.length * 8;
dh_info.subjectPublicKey.data = buf.data;
-
+
dh_info.nonce = client_params->nonce;
- ASN1_MALLOC_ENCODE(KDCDHKeyInfo, buf.data, buf.length, &dh_info, &size,
+ ASN1_MALLOC_ENCODE(KDCDHKeyInfo, buf.data, buf.length, &dh_info, &size,
ret);
if (ret) {
krb5_set_error_message(context, ret, "ASN.1 encoding of "
@@ -888,7 +888,7 @@ pk_mk_pa_reply_dh(krb5_context context,
if (buf.length != size)
krb5_abortx(context, "Internal ASN.1 encoder error");
- /*
+ /*
* Create the SignedData structure and sign the KdcDHKeyInfo
* filled in above
*/
@@ -904,9 +904,9 @@ pk_mk_pa_reply_dh(krb5_context context,
hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
- ret = hx509_certs_find(kdc_identity->hx509ctx,
- kdc_identity->certs,
- q,
+ ret = hx509_certs_find(kdc_identity->hx509ctx,
+ kdc_identity->certs,
+ q,
&cert);
hx509_query_free(kdc_identity->hx509ctx, q);
if (ret)
@@ -971,7 +971,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
int i;
if (!config->enable_pkinit) {
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
return 0;
}
@@ -1004,7 +1004,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
rep.element = choice_PA_PK_AS_REP_encKeyPack;
- ret = krb5_generate_random_keyblock(context, enctype,
+ ret = krb5_generate_random_keyblock(context, enctype,
&client_params->reply_key);
if (ret) {
free_PA_PK_AS_REP(&rep);
@@ -1021,8 +1021,8 @@ _kdc_pk_mk_pa_reply(krb5_context context,
free_PA_PK_AS_REP(&rep);
goto out;
}
- ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data,
- rep.u.encKeyPack.length, &info, &size,
+ ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data,
+ rep.u.encKeyPack.length, &info, &size,
ret);
free_ContentInfo(&info);
if (ret) {
@@ -1049,7 +1049,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
return ret;
ret = pk_mk_pa_reply_dh(context, client_params->dh,
- client_params,
+ client_params,
&client_params->reply_key,
&info,
&kdc_cert);
@@ -1100,7 +1100,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
pa_type = KRB5_PADATA_PK_AS_REP_19;
rep.element = choice_PA_PK_AS_REP_encKeyPack;
- ret = krb5_generate_random_keyblock(context, enctype,
+ ret = krb5_generate_random_keyblock(context, enctype,
&client_params->reply_key);
if (ret) {
free_PA_PK_AS_REP_Win2k(&rep);
@@ -1117,8 +1117,8 @@ _kdc_pk_mk_pa_reply(krb5_context context,
free_PA_PK_AS_REP_Win2k(&rep);
goto out;
}
- ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data,
- rep.u.encKeyPack.length, &info, &size,
+ ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data,
+ rep.u.encKeyPack.length, &info, &size,
ret);
free_ContentInfo(&info);
if (ret) {
@@ -1164,7 +1164,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
fd = open(config->pkinit_kdc_ocsp_file, O_RDONLY);
if (fd < 0) {
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"PK-INIT failed to open ocsp data file %d", errno);
goto out_ocsp;
}
@@ -1172,15 +1172,15 @@ _kdc_pk_mk_pa_reply(krb5_context context,
if (ret) {
ret = errno;
close(fd);
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"PK-INIT failed to stat ocsp data %d", ret);
goto out_ocsp;
}
-
+
ret = krb5_data_alloc(&ocsp.data, sb.st_size);
if (ret) {
close(fd);
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"PK-INIT failed to stat ocsp data %d", ret);
goto out_ocsp;
}
@@ -1188,7 +1188,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
ret = read(fd, ocsp.data.data, sb.st_size);
close(fd);
if (ret != sb.st_size) {
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"PK-INIT failed to read ocsp data %d", errno);
goto out_ocsp;
}
@@ -1200,7 +1200,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
ocsp.data.data, ocsp.data.length,
&ocsp.expire);
if (ret) {
- kdc_log(context, config, 0,
+ kdc_log(context, config, 0,
"PK-INIT failed to verify ocsp data %d", ret);
krb5_data_free(&ocsp.data);
ocsp.expire = 0;
@@ -1216,7 +1216,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
if (ocsp.expire != 0 && ocsp.expire > kdc_time) {
- ret = krb5_padata_add(context, md,
+ ret = krb5_padata_add(context, md,
KRB5_PADATA_PA_PK_OCSP_RESPONSE,
ocsp.data.data, ocsp.data.length);
if (ret) {
@@ -1237,10 +1237,10 @@ out:
}
static int
-match_rfc_san(krb5_context context,
+match_rfc_san(krb5_context context,
krb5_kdc_configuration *config,
hx509_context hx509ctx,
- hx509_cert client_cert,
+ hx509_cert client_cert,
krb5_const_principal match)
{
hx509_octet_string_list list;
@@ -1260,7 +1260,7 @@ match_rfc_san(krb5_context context,
KRB5PrincipalName kn;
size_t size;
- ret = decode_KRB5PrincipalName(list.val[i].data,
+ ret = decode_KRB5PrincipalName(list.val[i].data,
list.val[i].length,
&kn, &size);
if (ret) {
@@ -1284,7 +1284,7 @@ match_rfc_san(krb5_context context,
}
out:
- hx509_free_octet_string_list(&list);
+ hx509_free_octet_string_list(&list);
if (ret)
return ret;
@@ -1295,10 +1295,10 @@ out:
}
static int
-match_ms_upn_san(krb5_context context,
+match_ms_upn_san(krb5_context context,
krb5_kdc_configuration *config,
hx509_context hx509ctx,
- hx509_cert client_cert,
+ hx509_cert client_cert,
krb5_const_principal match)
{
hx509_octet_string_list list;
@@ -1337,7 +1337,7 @@ match_ms_upn_san(krb5_context context,
goto out;
}
- /*
+ /*
* This is very wrong, but will do for now, should really and a
* plugin to the windc layer to very this ACL.
*/
@@ -1349,7 +1349,7 @@ match_ms_upn_san(krb5_context context,
out:
if (principal)
krb5_free_principal(context, principal);
- hx509_free_octet_string_list(&list);
+ hx509_free_octet_string_list(&list);
if (ret)
return ret;
@@ -1383,7 +1383,7 @@ _kdc_pk_check_client(krb5_context context,
return ret;
kdc_log(context, config, 0,
- "Trying to authorize PK-INIT subject DN %s",
+ "Trying to authorize PK-INIT subject DN %s",
*subject_name);
if (config->pkinit_princ_in_cert) {
@@ -1460,7 +1460,7 @@ _kdc_pk_check_client(krb5_context context,
}
static krb5_error_code
-add_principal_mapping(krb5_context context,
+add_principal_mapping(krb5_context context,
const char *principal_name,
const char * subject)
{
@@ -1502,7 +1502,7 @@ _kdc_add_inital_verified_cas(krb5_context context,
size_t size;
memset(&cas, 0, sizeof(cas));
-
+
/* XXX add CAs to cas here */
ASN1_MALLOC_ENCODE(AD_INITIAL_VERIFIED_CAS, data.data, data.length,
@@ -1512,7 +1512,7 @@ _kdc_add_inital_verified_cas(krb5_context context,
if (data.length != size)
krb5_abortx(context, "internal asn.1 encoder error");
- ret = _kdc_tkt_add_if_relevant_ad(context, tkt,
+ ret = _kdc_tkt_add_if_relevant_ad(context, tkt,
KRB5_AUTHDATA_INITIAL_VERIFIED_CAS,
&data);
krb5_data_free(&data);
@@ -1537,7 +1537,7 @@ load_mappings(krb5_context context, const char *fn)
while (fgets(buf, sizeof(buf), f) != NULL) {
char *subject_name, *p;
-
+
buf[strcspn(buf, "\n")] = '\0';
lineno++;
@@ -1561,11 +1561,11 @@ load_mappings(krb5_context context, const char *fn)
lineno, buf);
continue;
}
- }
+ }
fclose(f);
}
-
+
/*
*
*/
@@ -1637,7 +1637,7 @@ _kdc_pk_initialize(krb5_context context,
"certifiate with a public key");
}
- ret = krb5_config_get_bool_default(context,
+ ret = krb5_config_get_bool_default(context,
NULL,
FALSE,
"kdc",
@@ -1645,7 +1645,7 @@ _kdc_pk_initialize(krb5_context context,
NULL);
_krb5_pk_allow_proxy_certificate(kdc_identity, ret);
- file = krb5_config_get_string(context,
+ file = krb5_config_get_string(context,
NULL,
"kdc",
"pkinit_mappings_file",
diff --git a/source4/heimdal/kdc/process.c b/source4/heimdal/kdc/process.c
index 1a0c7c72ce..a27911914b 100644
--- a/source4/heimdal/kdc/process.c
+++ b/source4/heimdal/kdc/process.c
@@ -1,35 +1,35 @@
/*
- * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
+ * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
*
- * All rights reserved.
+ * All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
*
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include "kdc_locl.h"
@@ -55,10 +55,10 @@ krb5_kdc_update_time(struct timeval *tv)
*/
int
-krb5_kdc_process_request(krb5_context context,
+krb5_kdc_process_request(krb5_context context,
krb5_kdc_configuration *config,
- unsigned char *buf,
- size_t len,
+ unsigned char *buf,
+ size_t len,
krb5_data *reply,
krb5_boolean *prependlength,
const char *from,
@@ -78,7 +78,7 @@ krb5_kdc_process_request(krb5_context context,
req_buffer.data = buf;
req_buffer.length = len;
- ret = _kdc_as_rep(context, config, &req, &req_buffer,
+ ret = _kdc_as_rep(context, config, &req, &req_buffer,
reply, from, addr, datagram_reply);
free_AS_REQ(&req);
return ret;
@@ -100,7 +100,7 @@ krb5_kdc_process_request(krb5_context context,
return ret;
} else if(_kdc_maybe_version4(buf, len)){
*prependlength = FALSE; /* elbitapmoc sdrawkcab XXX */
- ret = _kdc_do_version4(context, config, buf, len, reply, from,
+ ret = _kdc_do_version4(context, config, buf, len, reply, from,
(struct sockaddr_in*)addr);
return ret;
} else if (config->enable_kaserver) {
@@ -108,7 +108,7 @@ krb5_kdc_process_request(krb5_context context,
(struct sockaddr_in*)addr);
return ret;
}
-
+
return -1;
}
@@ -120,10 +120,10 @@ krb5_kdc_process_request(krb5_context context,
*/
int
-krb5_kdc_process_krb5_request(krb5_context context,
+krb5_kdc_process_krb5_request(krb5_context context,
krb5_kdc_configuration *config,
- unsigned char *buf,
- size_t len,
+ unsigned char *buf,
+ size_t len,
krb5_data *reply,
const char *from,
struct sockaddr *addr,
@@ -156,7 +156,7 @@ krb5_kdc_process_krb5_request(krb5_context context,
*/
int
-krb5_kdc_save_request(krb5_context context,
+krb5_kdc_save_request(krb5_context context,
const char *fn,
const unsigned char *buf,
size_t len,
@@ -181,7 +181,7 @@ krb5_kdc_save_request(krb5_context context,
krb5_set_error_message(context, saved_errno, "Failed to open: %s", fn);
return saved_errno;
}
-
+
sp = krb5_storage_from_fd(fd);
close(fd);
if (sp == NULL) {
diff --git a/source4/heimdal/kdc/rx.h b/source4/heimdal/kdc/rx.h
index a84e5ec5f5..f914e93e6e 100644
--- a/source4/heimdal/kdc/rx.h
+++ b/source4/heimdal/kdc/rx.h
@@ -1,34 +1,34 @@
/*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
+ * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
*
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
/* $Id$ */
diff --git a/source4/heimdal/kdc/windc.c b/source4/heimdal/kdc/windc.c
index e057a3e6fb..fe3cd997e7 100644
--- a/source4/heimdal/kdc/windc.c
+++ b/source4/heimdal/kdc/windc.c
@@ -1,34 +1,34 @@
/*
- * Copyright (c) 2007 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
+ * Copyright (c) 2007 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
*
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include "kdc_locl.h"
@@ -72,9 +72,9 @@ krb5_kdc_windc_init(krb5_context context)
}
-krb5_error_code
+krb5_error_code
_kdc_pac_generate(krb5_context context,
- hdb_entry_ex *client,
+ hdb_entry_ex *client,
krb5_pac *pac)
{
*pac = NULL;
@@ -83,8 +83,8 @@ _kdc_pac_generate(krb5_context context,
return (windcft->pac_generate)(windcctx, context, client, pac);
}
-krb5_error_code
-_kdc_pac_verify(krb5_context context,
+krb5_error_code
+_kdc_pac_verify(krb5_context context,
const krb5_principal client_principal,
hdb_entry_ex *client,
hdb_entry_ex *server,
@@ -94,7 +94,7 @@ _kdc_pac_verify(krb5_context context,
krb5_set_error_message(context, EINVAL, "Can't verify PAC, no function");
return EINVAL;
}
- return (windcft->pac_verify)(windcctx, context,
+ return (windcft->pac_verify)(windcctx, context,
client_principal, client, server, pac);
}
diff --git a/source4/heimdal/kdc/windc_plugin.h b/source4/heimdal/kdc/windc_plugin.h
index 3780258ad0..34016694b2 100644
--- a/source4/heimdal/kdc/windc_plugin.h
+++ b/source4/heimdal/kdc/windc_plugin.h
@@ -1,34 +1,34 @@
/*
- * Copyright (c) 2006 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
*
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
/* $Id$ */
@@ -51,18 +51,18 @@
struct hdb_entry_ex;
-typedef krb5_error_code
+typedef krb5_error_code
(*krb5plugin_windc_pac_generate)(void *, krb5_context,
struct hdb_entry_ex *, krb5_pac *);
-typedef krb5_error_code
+typedef krb5_error_code
(*krb5plugin_windc_pac_verify)(void *, krb5_context,
const krb5_principal,
- struct hdb_entry_ex *,
+ struct hdb_entry_ex *,
struct hdb_entry_ex *,
krb5_pac *);
-typedef krb5_error_code
+typedef krb5_error_code
(*krb5plugin_windc_client_access)(
void *, krb5_context, struct hdb_entry_ex *, KDC_REQ *, krb5_data *);