/* allow either constructed or primitive encoding, so check for bit 6
set or reset */
#define krb5int_is_app_tag(dat,tag) \
- ((dat != NULL) && (dat)->length && \
+ ((dat != NULL) && (dat)->length && \
((((dat)->data[0] & ~0x20) == ((tag) | 0x40))))
#define krb5_is_krb_ticket(dat) krb5int_is_app_tag(dat, 1)
#define krb5_is_krb_authenticator(dat) krb5int_is_app_tag(dat, 2)
#define TKT_FLG_TRANSIT_POLICY_CHECKED 0x00080000
#define TKT_FLG_OK_AS_DELEGATE 0x00040000
#define TKT_FLG_ENC_PA_REP 0x00010000
- #define TKT_FLG_ANONYMOUS 0x00008000
+#define TKT_FLG_ANONYMOUS 0x00008000
/* #define TKT_FLG_RESERVED 0x00004000 */
/* #define TKT_FLG_RESERVED 0x00002000 */
/* #define TKT_FLG_RESERVED 0x00001000 */
case 'n':
use_anonymous++;
break;
- case 't':
+ case 't':
keytab_name = optarg;
break;
case 'w':
printf("Authenticating as principal %s with password; anonymous requested.\n",
princstr);
retval = kadm5_init_anonymous(context, princstr, svcname, ¶ms,
- KADM5_STRUCT_VERSION,
- KADM5_API_VERSION_3, db_args, &handle);
+ KADM5_STRUCT_VERSION,
+ KADM5_API_VERSION_3, db_args, &handle);
} else if (use_keytab) {
if (keytab_name)
printf("Authenticating as principal %s with keytab %s.\n",
krb5_free_context(context);
*minor_status = code;
return GSS_S_FAILURE;
- }
+ }
}
else {
#ifndef NO_PASSWORD
char **db_args,
void **server_handle);
kadm5_ret_t kadm5_init_anonymous(krb5_context context, char *client_name,
- char *service_name,
- kadm5_config_params *params,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char **db_args,
+ char *service_name,
+ kadm5_config_params *params,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ char **db_args,
void **server_handle);
kadm5_ret_t kadm5_init_with_password(krb5_context context,
char *client_name,
}
kadm5_ret_t kadm5_init_anonymous(krb5_context context, char *client_name,
- char *service_name,
- kadm5_config_params *params,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char **db_args,
- void **server_handle)
+ char *service_name,
+ kadm5_config_params *params,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ char **db_args,
+ void **server_handle)
{
return _kadm5_init_any(context, client_name, INIT_ANONYMOUS, NULL, NULL,
service_name, params, struct_version,
krb5_get_init_creds_opt_set_out_ccache(ctx, opt, ccache);
if (init_type == INIT_ANONYMOUS)
krb5_get_init_creds_opt_set_anonymous(opt, 1);
- }
+ }
if (init_type == INIT_PASS || init_type == INIT_ANONYMOUS) {
code = krb5_get_init_creds_password(ctx, &outcreds, client, pass,
if (client_name) {
buf.value = client_name;
buf.length = strlen((char *)buf.value) + 1;
- gssstat = gss_import_name(&minor_stat, &buf,
- (gss_OID) gss_nt_krb5_name, &gss_client);
+ gssstat = gss_import_name(&minor_stat, &buf,
+ (gss_OID) gss_nt_krb5_name, &gss_client);
} else gss_client = GSS_C_NO_NAME;
if (gssstat != GSS_S_COMPLETE) {
}
kadm5_ret_t kadm5_init_anonymous(krb5_context context, char *client_name,
- char *service_name,
- kadm5_config_params *params,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char **db_args,
- void **server_handle)
+ char *service_name,
+ kadm5_config_params *params,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ char **db_args,
+ void **server_handle)
{
return kadm5_init(context, client_name, NULL, service_name, params,
struct_version, api_version, db_args,
IS_TGS_PRINC(context, as_reply->enc_part2->server);
if ((!canon_ok ) && (request->kdc_options &KDC_OPT_REQUEST_ANONYMOUS))
canon_ok = krb5_principal_compare_any_realm(context, as_reply->client,
- krb5_anonymous_principal());
+ krb5_anonymous_principal());
} else
canon_ok = 0;
if (client->length == 1 && client->data[0].length ==0) {
krb5_principal new_client;
code = krb5_build_principal_ext(context, &new_client, client->realm.length,
- client->realm.data,
- strlen(KRB5_WELLKNOWN_NAMESTR),
- KRB5_WELLKNOWN_NAMESTR,
- strlen(KRB5_ANONYMOUS_PRINCSTR),
- KRB5_ANONYMOUS_PRINCSTR,
- 0);
+ client->realm.data,
+ strlen(KRB5_WELLKNOWN_NAMESTR),
+ KRB5_WELLKNOWN_NAMESTR,
+ strlen(KRB5_ANONYMOUS_PRINCSTR),
+ KRB5_ANONYMOUS_PRINCSTR,
+ 0);
if (code)
goto cleanup;
krb5_free_principal(context, ctx->request->client);
ctx->request->client = new_client;
- krb5_princ_type(context, ctx->request->client) = KRB5_NT_WELLKNOWN;
+ krb5_princ_type(context, ctx->request->client) = KRB5_NT_WELLKNOWN;
}
}
/*We will also handle anonymous if the input principal is the anonymous principal*/
if (retval)
return retval;
opte->opt_private->fast_flags = flags;
- return retval;
+ return retval;
}
krb5_error_code KRB5_CALLCONV
if (retval)
return retval;
*out_flags = opte->opt_private->fast_flags;
- return retval;
+ return retval;
}
-
reqctx->cryptoctx, reqctx->idctx, CMS_SIGN_CLIENT,
(unsigned char *)coded_auth_pack->data, coded_auth_pack->length,
&req->signedAuthPack.data, &req->signedAuthPack.length);
- else retval = cms_signeddata_create(context, plgctx->cryptoctx,
- reqctx->cryptoctx, reqctx->idctx, CMS_SIGN_CLIENT, 1,
- (unsigned char *)coded_auth_pack->data, coded_auth_pack->length,
- &req->signedAuthPack.data, &req->signedAuthPack.length);
+ else retval = cms_signeddata_create(context, plgctx->cryptoctx,
+ reqctx->cryptoctx, reqctx->idctx, CMS_SIGN_CLIENT, 1,
+ (unsigned char *)coded_auth_pack->data, coded_auth_pack->length,
+ &req->signedAuthPack.data, &req->signedAuthPack.length);
#ifdef DEBUG_ASN1
print_buffer_bin((unsigned char *)req->signedAuthPack.data,
req->signedAuthPack.length,
unsigned char **authz_data,
unsigned int *authz_data_len,
int *is_signed)
- {
+{
krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
PKCS7 *p7 = NULL;
BIO *out = NULL;
OBJ_obj2nid(p7->type));
krb5_set_error_message(context, retval, "wrong oid\n");
goto cleanup;
- }
+ }
/* setup to verify X509 certificate used to sign PKCS7 message */
if (!(store = X509_STORE_new()))
krb5_pa_data *pa = NULL;
krb5_enc_data enc;
krb5_data *scratch = NULL;
- *out_padata = NULL;
- enc.ciphertext.data = NULL;
- if (!krb5_principal_compare(context, request->client,
- krb5_anonymous_principal()))
- return 0;
- /*
- *The KDC contribution key needs to be a fresh key of an
- *enctype supported by the client and server. The existing
- *session key meets these requirements so we use itt.
- */
- ret = krb5_c_fx_cf2_simple(context, session, "PKINIT",
- encrypting_key, "KEYEXCHANGE",
- &new_session);
- if (ret)
- goto cleanup;
- ret = encode_krb5_encryption_key( session, &scratch);
- if (ret)
- goto cleanup;
- ret = krb5_encrypt_helper( context, encrypting_key, KRB5_KEYUSAGE_PA_PKINIT_KX,
- scratch, &enc);
- if (ret)
- goto cleanup;
- memset(scratch->data, 0, scratch->length);
- krb5_free_data(context, scratch);
- scratch = NULL;
- ret = encode_krb5_enc_data(&enc, &scratch);
- if (ret)
- goto cleanup;
- pa = malloc(sizeof(krb5_pa_data));
- if (pa == NULL) {
- ret = ENOMEM;
- goto cleanup;
- }
- if (ret)
- goto cleanup;
- pa->pa_type = KRB5_PADATA_PKINIT_KX;
- pa->length = scratch->length;
- pa->contents = (krb5_octet *) scratch->data;
- *out_padata = pa;
- scratch->data = NULL;
- memset(session->contents, 0, session->length);
- krb5_free_keyblock_contents(context, session);
- *session = *new_session;
- new_session->contents = NULL;
+ *out_padata = NULL;
+ enc.ciphertext.data = NULL;
+ if (!krb5_principal_compare(context, request->client,
+ krb5_anonymous_principal()))
+ return 0;
+ /*
+ *The KDC contribution key needs to be a fresh key of an
+ *enctype supported by the client and server. The existing
+ *session key meets these requirements so we use itt.
+ */
+ ret = krb5_c_fx_cf2_simple(context, session, "PKINIT",
+ encrypting_key, "KEYEXCHANGE",
+ &new_session);
+ if (ret)
+ goto cleanup;
+ ret = encode_krb5_encryption_key( session, &scratch);
+ if (ret)
+ goto cleanup;
+ ret = krb5_encrypt_helper( context, encrypting_key, KRB5_KEYUSAGE_PA_PKINIT_KX,
+ scratch, &enc);
+ if (ret)
+ goto cleanup;
+ memset(scratch->data, 0, scratch->length);
+ krb5_free_data(context, scratch);
+ scratch = NULL;
+ ret = encode_krb5_enc_data(&enc, &scratch);
+ if (ret)
+ goto cleanup;
+ pa = malloc(sizeof(krb5_pa_data));
+ if (pa == NULL) {
+ ret = ENOMEM;
+ goto cleanup;
+ }
+ if (ret)
+ goto cleanup;
+ pa->pa_type = KRB5_PADATA_PKINIT_KX;
+ pa->length = scratch->length;
+ pa->contents = (krb5_octet *) scratch->data;
+ *out_padata = pa;
+ scratch->data = NULL;
+ memset(session->contents, 0, session->length);
+ krb5_free_keyblock_contents(context, session);
+ *session = *new_session;
+ new_session->contents = NULL;
cleanup:
- krb5_free_data_contents(context, &enc.ciphertext);
- krb5_free_keyblock(context, new_session);
- krb5_free_data(context, scratch);
- return ret;
+ krb5_free_data_contents(context, &enc.ciphertext);
+ krb5_free_keyblock(context, new_session);
+ krb5_free_data(context, scratch);
+ return ret;
}
static krb5_error_code
projects / thirdparty / krb5.git / commitdiff
