Merge with head of trunk. Pulled in Ken's fix for db2 hash bug on
authorWill Fiveash <will.fiveash@oracle.com>
Fri, 23 Jan 2009 19:57:08 +0000 (19:57 +0000)
committerWill Fiveash <will.fiveash@oracle.com>
Fri, 23 Jan 2009 19:57:08 +0000 (19:57 +0000)
filesystems whose record size is > 64K.  All make check tests pass on my
Solaris test system using ZFS with recordsize=128K.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21791 dc483132-0cff-0310-8789-dd5450dbe970

77 files changed:
src/include/k5-buf.h
src/kadmin/cli/kadmin.c
src/kadmin/server/schpw.c
src/kdc/network.c
src/lib/crypto/aead.h
src/lib/crypto/arcfour/deps
src/lib/crypto/cksumtypes.h
src/lib/crypto/deps
src/lib/crypto/des/deps
src/lib/crypto/dk/deps
src/lib/crypto/enc_provider/deps
src/lib/crypto/keyhash_provider/deps
src/lib/crypto/keyhash_provider/md5_hmac.c
src/lib/crypto/raw/deps
src/lib/gssapi/generic/gssapiP_generic.h
src/lib/gssapi/generic/gssapi_generic.c
src/lib/gssapi/generic/gssapi_generic.h
src/lib/gssapi/generic/util_canonhost.c
src/lib/gssapi/generic/util_localhost.c
src/lib/gssapi/generic/util_token.c
src/lib/gssapi/krb5/accept_sec_context.c
src/lib/gssapi/krb5/acquire_cred.c
src/lib/gssapi/krb5/copy_ccache.c
src/lib/gssapi/krb5/delete_sec_context.c
src/lib/gssapi/krb5/get_tkt_flags.c
src/lib/gssapi/krb5/gssapiP_krb5.h
src/lib/gssapi/krb5/gssapi_krb5.c
src/lib/gssapi/krb5/gssapi_krb5.hin
src/lib/gssapi/krb5/init_sec_context.c
src/lib/gssapi/krb5/inq_context.c
src/lib/gssapi/krb5/k5seal.c
src/lib/gssapi/krb5/k5sealiov.c
src/lib/gssapi/krb5/k5sealv3.c
src/lib/gssapi/krb5/k5sealv3iov.c
src/lib/gssapi/krb5/k5unseal.c
src/lib/gssapi/krb5/k5unsealiov.c
src/lib/gssapi/krb5/krb5_gss_glue.c
src/lib/gssapi/krb5/lucid_context.c
src/lib/gssapi/krb5/seal.c
src/lib/gssapi/krb5/ser_sctx.c
src/lib/gssapi/krb5/set_ccache.c
src/lib/gssapi/krb5/sign.c
src/lib/gssapi/krb5/unseal.c
src/lib/gssapi/krb5/util_cksum.c
src/lib/gssapi/krb5/util_crypt.c
src/lib/gssapi/krb5/util_seed.c
src/lib/gssapi/krb5/util_seqnum.c
src/lib/gssapi/krb5/verify.c
src/lib/gssapi/krb5/wrap_size_limit.c
src/lib/gssapi/mechglue/g_initialize.c
src/lib/kadm5/srv/svr_iters.c
src/lib/kadm5/srv/svr_principal.c
src/lib/kdb/kdb5.c
src/lib/krb5/asn.1/asn1_decode.c
src/lib/krb5/asn.1/asn1_decode.h
src/lib/krb5/asn.1/asn1_encode.c
src/lib/krb5/asn.1/asn1_encode.h
src/lib/krb5/asn.1/asn1_k_decode.c
src/lib/krb5/asn.1/asn1_k_decode.h
src/lib/krb5/asn.1/asn1_k_encode.c
src/lib/krb5/asn.1/asn1buf.c
src/lib/krb5/asn.1/krb5_decode.c
src/lib/krb5/asn.1/krbasn1.h
src/lib/krb5/krb/get_in_tkt.c
src/lib/krb5/krb/pac.c
src/lib/krb5/krb/parse.c
src/lib/krb5/os/read_msg.c
src/lib/krb5/rcache/rc_dfl.c
src/lib/krb5/rcache/rc_io.c
src/lib/krb5/rcache/rcdef.c
src/lib/krb5/rcache/t_replay.c
src/lib/rpc/xdr.c
src/plugins/kdb/db2/libdb2/hash/hash.c
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
src/util/support/k5buf-int.h
src/util/support/k5buf.c
src/util/support/t_k5buf.c

index de869d34798065795767fc1e3c75c246249f2d93..4f7a939a907b7efeee76127e1522f9056251f5b9 100644 (file)
@@ -9,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
  * this permission notice appear in supporting documentation, and that
  * the name of M.I.T. not be used in advertising or publicity pertaining
  * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
+ * permission.  Furthermore if you modify this software you must label
  * your software as modified software and not distribute it in such a
  * fashion that it might be confused with the original M.I.T. software.
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * k5buf string buffer module interface
  */
index 4955a448fb5574c864d14bed868998546649cdb4..af6673d079ce66aac7a2beaf4e9d0eaffb4dd9de 100644 (file)
@@ -1486,7 +1486,7 @@ void kadmin_getprinc(argc, argv)
     retval = krb5_unparse_name(context, dprinc.principal, &canon);
     if (retval) {
        com_err("get_principal", retval, "while canonicalizing principal");
-       krb5_free_principal(context, princ);
+       kadm5_free_principal_ent(handle, &dprinc);
        return;
     }
     retval = krb5_unparse_name(context, dprinc.mod_name, &modcanon);
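Review bot: This error path now releases dprinc and no longer touches princ, but the hunk does not show where princ is freed. If princ is already released earlier in kadmin_getprinc, the old line was a double free and the new one is right; if not, this return now leaks it, so check the lines above the hunk. Assuming the first case holds, a short comment such as `/* princ was already released above; only dprinc is still owned here */` would record the ownership. The function body starts and ends outside the hunk.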
index 53f2e59bafe81584cec7a21decd868d78f1f5dbe..517ea7d2c2cb74b812bd8c34a6a51671e9f77a29 100644 (file)
@@ -39,6 +39,7 @@ process_chpw_request(context, server_handle, realm, keytab,
     int numresult;
     char strresult[1024];
     char *clientstr = NULL, *targetstr = NULL;
+    const char *errmsg = NULL;
     size_t clen;
     char *cdots;
     struct sockaddr_storage ss;
@@ -244,6 +245,8 @@ process_chpw_request(context, server_handle, realm, keytab,
     ret = schpw_util_wrapper(server_handle, client, target,
                             (ticket->enc_part2->flags & TKT_FLG_INITIAL) != 0,
                             ptr, NULL, strresult, sizeof(strresult));
+    if (ret)
+       errmsg = krb5_get_error_message(context, ret);
 
     /* zap the password */
     memset(clear.data, 0, clear.length);
@@ -307,12 +310,12 @@ process_chpw_request(context, server_handle, realm, keytab,
                         addrbuf,
                         (int) clen, clientstr, cdots,
                         (int) tlen, targetp, tdots,
-                        ret ? krb5_get_error_message (context, ret) : "success");
+                        errmsg ? errmsg : "success");
     } else {
        krb5_klog_syslog(LOG_NOTICE, "chpw request from %s for %.*s%s: %s",
                         addrbuf,
                         (int) clen, clientstr, cdots,
-                        ret ? krb5_get_error_message (context, ret) : "success");
+                        errmsg ? errmsg : "success");
     }
     switch (ret) {
     case KADM5_AUTH_CHANGEPW:
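Review bot: Both krb5_klog_syslog calls in this hunk now choose between the error text and "success" by testing errmsg instead of ret, so a failed password change would be logged as "success" if krb5_get_error_message ever returned NULL. That may never happen in practice, but an audit trail for password changes should not depend on it. Keying the outcome on ret keeps the log truthful, for example `ret ? (errmsg ? errmsg : "unknown error") : "success"` in both calls. process_chpw_request's body extends beyond the hunks shown.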
@@ -467,6 +470,8 @@ bailout:
        krb5_free_unparsed_name(context, targetstr);
     if (clientstr)
        krb5_free_unparsed_name(context, clientstr);
+    if (errmsg)
+       krb5_free_error_message(context, errmsg);
 
     return(ret);
 }
index fffaa1e788e10594a768b11917845c6cf1914bdb..4ebaf2b326c847ca7818bad1a083d37790124e4b 100644 (file)
@@ -1163,6 +1163,7 @@ make_too_big_error (krb5_data **out)
     krb5_error_code retval;
     krb5_data *scratch;
 
+    *out = NULL;
     memset(&errpkt, 0, sizeof(errpkt));
 
     retval = krb5_us_timeofday(kdc_context, &errpkt.stime, &errpkt.susec);
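Review bot: The added `*out = NULL;` in make_too_big_error has no comment, and the reason for it is not evident at the assignment. Presumably callers inspect or free *out after a failed return, though no caller is visible on this page. A one-line comment such as `/* Leave *out well-defined on every failure return. */` would record that contract. The function body continues outside the hunk.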
index d266ee65c41f65a6959d7f5ae2874b09a6160a28..2c99eb868ca5bba5f3ecd758c2985a9a1e25e9fc 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * lib/crypto/aead.h
  *
- * Copyright 2008 by the Massachusetts Institute of Technology.
+ * Copyright 2008, 2009 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
@@ -25,6 +25,7 @@
  */
 
 #include "k5-int.h"
+#include "cksumtypes.h"
 
 /* AEAD helpers */
 
index b28d5981371af3cf891ad40cbd6aded69d4dac8c..7dac302e09ae8214e8fc9c24053649631fc27352 100644 (file)
@@ -21,7 +21,7 @@ arcfour_aead.so arcfour_aead.po $(OUTPRE)arcfour_aead.$(OBJEXT): \
   $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
   $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(srcdir)/../aead.h \
-  arcfour-int.h arcfour.h arcfour_aead.c
+  $(srcdir)/../cksumtypes.h arcfour-int.h arcfour.h arcfour_aead.c
 arcfour_s2k.so arcfour_s2k.po $(OUTPRE)arcfour_s2k.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
index 71409d4272a415be15f89fd11f1847faa7cb4194..c667e8abe60b019b6439b93b998b180c2abd8b41 100644 (file)
@@ -24,6 +24,8 @@
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  */
 
+#ifndef CKSUMTYPES_H
+#define CKSUMTYPES_H
 #include "k5-int.h"
 
 struct krb5_cksumtypes {
@@ -57,3 +59,4 @@ struct krb5_cksumtypes {
 
 extern const struct krb5_cksumtypes krb5_cksumtypes_list[];
 extern const unsigned int krb5_cksumtypes_length;
+#endif
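Review bot: The closing `#endif` of the new include guard has no label, which makes it harder to match to its `#ifndef` if the header later gains other conditionals. The usual form is `#endif /* CKSUMTYPES_H */`.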
index 9fc065e76f5f2cc4b130e95456070b488069a53c..ef503eeaf1e6c34fa414fd3f1b188cade2fea8d3 100644 (file)
@@ -85,8 +85,8 @@ crypto_length.so crypto_length.po $(OUTPRE)crypto_length.$(OBJEXT): \
   $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
   $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
   $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h aead.h crypto_length.c \
-  etypes.h
+  $(SRCTOP)/include/socket-utils.h aead.h cksumtypes.h \
+  crypto_length.c etypes.h
 crypto_libinit.so crypto_libinit.po $(OUTPRE)crypto_libinit.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -116,7 +116,7 @@ decrypt.so decrypt.po $(OUTPRE)decrypt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h
   $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
   $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
   $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  aead.h decrypt.c etypes.h
+  aead.h cksumtypes.h decrypt.c etypes.h
 decrypt_iov.so decrypt_iov.po $(OUTPRE)decrypt_iov.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -126,8 +126,8 @@ decrypt_iov.so decrypt_iov.po $(OUTPRE)decrypt_iov.$(OBJEXT): \
   $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
   $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
   $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h aead.h decrypt_iov.c \
-  etypes.h
+  $(SRCTOP)/include/socket-utils.h aead.h cksumtypes.h \
+  decrypt_iov.c etypes.h
 encrypt.so encrypt.po $(OUTPRE)encrypt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
   $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
@@ -137,7 +137,7 @@ encrypt.so encrypt.po $(OUTPRE)encrypt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h
   $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
   $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
   $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  aead.h encrypt.c etypes.h
+  aead.h cksumtypes.h encrypt.c etypes.h
 encrypt_iov.so encrypt_iov.po $(OUTPRE)encrypt_iov.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -157,8 +157,8 @@ encrypt_length.so encrypt_length.po $(OUTPRE)encrypt_length.$(OBJEXT): \
   $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
   $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
   $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h aead.h encrypt_length.c \
-  etypes.h
+  $(SRCTOP)/include/socket-utils.h aead.h cksumtypes.h \
+  encrypt_length.c etypes.h
 enctype_compare.so enctype_compare.po $(OUTPRE)enctype_compare.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -203,7 +203,7 @@ hmac.so hmac.po $(OUTPRE)hmac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
   $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
   $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  aead.h hmac.c
+  aead.h cksumtypes.h hmac.c
 keyblocks.so keyblocks.po $(OUTPRE)keyblocks.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
index ed08da8696fb61b93d1a4cee21ed53b878cefed9..eb77b3298603975debadfa45233de2fd63f9aa80 100644 (file)
@@ -30,7 +30,8 @@ d3_aead.so d3_aead.po $(OUTPRE)d3_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h
   $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
   $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
   $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../aead.h d3_aead.c des_int.h f_tables.h
+  $(srcdir)/../aead.h $(srcdir)/../cksumtypes.h d3_aead.c \
+  des_int.h f_tables.h
 d3_kysched.so d3_kysched.po $(OUTPRE)d3_kysched.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -50,7 +51,8 @@ f_aead.so f_aead.po $(OUTPRE)f_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
   $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
   $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../aead.h des_int.h f_aead.c f_tables.h
+  $(srcdir)/../aead.h $(srcdir)/../cksumtypes.h des_int.h \
+  f_aead.c f_tables.h
 f_cbc.so f_cbc.po $(OUTPRE)f_cbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
   $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
index 843adb3b29e478f4da5bc218dc63f6b603206a77..e901a54835de9ea7d5e7dfdc6bf526aea33fd6f4 100644 (file)
@@ -11,7 +11,8 @@ checksum.so checksum.po $(OUTPRE)checksum.$(OBJEXT): \
   $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
   $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(srcdir)/../aead.h \
-  $(srcdir)/../etypes.h checksum.c dk.h
+  $(srcdir)/../cksumtypes.h $(srcdir)/../etypes.h checksum.c \
+  dk.h
 dk_aead.so dk_aead.po $(OUTPRE)dk_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
   $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
@@ -21,7 +22,8 @@ dk_aead.so dk_aead.po $(OUTPRE)dk_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h
   $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
   $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
   $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../aead.h dk.h dk_aead.c
+  $(srcdir)/../aead.h $(srcdir)/../cksumtypes.h dk.h \
+  dk_aead.c
 dk_decrypt.so dk_decrypt.po $(OUTPRE)dk_decrypt.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
index 22d4cc4fddbd4b8599cfb77bc0005b1c5acfd10a..44c1e722bab4915f28d791bb68f57ba7e60b8618 100644 (file)
@@ -10,8 +10,8 @@ des.so des.po $(OUTPRE)des.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
   $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
   $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../aead.h $(srcdir)/../des/des_int.h des.c \
-  enc_provider.h
+  $(srcdir)/../aead.h $(srcdir)/../cksumtypes.h $(srcdir)/../des/des_int.h \
+  des.c enc_provider.h
 des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
   $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
@@ -21,7 +21,8 @@ des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
   $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
   $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../aead.h $(srcdir)/../des/des_int.h des3.c
+  $(srcdir)/../aead.h $(srcdir)/../cksumtypes.h $(srcdir)/../des/des_int.h \
+  des3.c
 aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
   $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
@@ -32,7 +33,7 @@ aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
   $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
   $(srcdir)/../aead.h $(srcdir)/../aes/aes.h $(srcdir)/../aes/uitypes.h \
-  aes.c enc_provider.h
+  $(srcdir)/../cksumtypes.h aes.c enc_provider.h
 rc4.so rc4.po $(OUTPRE)rc4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
   $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
@@ -43,4 +44,5 @@ rc4.so rc4.po $(OUTPRE)rc4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
   $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
   $(srcdir)/../aead.h $(srcdir)/../arcfour/arcfour-int.h \
-  $(srcdir)/../arcfour/arcfour.h enc_provider.h rc4.c
+  $(srcdir)/../arcfour/arcfour.h $(srcdir)/../cksumtypes.h \
+  enc_provider.h rc4.c
index 5354756c820ae101cc71da91f1af97c4fc897049..026ff5201e44a0cda24d75ed7a0521404373a7aa 100644 (file)
@@ -44,8 +44,8 @@ hmac_md5.so hmac_md5.po $(OUTPRE)hmac_md5.$(OBJEXT): \
   $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(srcdir)/../aead.h \
   $(srcdir)/../arcfour/arcfour-int.h $(srcdir)/../arcfour/arcfour.h \
-  $(srcdir)/../hash_provider/hash_provider.h $(srcdir)/../md5/rsa-md5.h \
-  hmac_md5.c keyhash_provider.h
+  $(srcdir)/../cksumtypes.h $(srcdir)/../hash_provider/hash_provider.h \
+  $(srcdir)/../md5/rsa-md5.h hmac_md5.c keyhash_provider.h
 md5_hmac.so md5_hmac.po $(OUTPRE)md5_hmac.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
index 8c2591588ac13ec1f8cbdff58848e04fa9f289b4..e8aea745cc5f0cfa292fe54a7ceebf0896c638ee 100644 (file)
@@ -54,6 +54,7 @@ k5_md5_hmac_hash (const krb5_keyblock *key, krb5_keyusage usage,
   krb5_MD5Update(&ctx, (unsigned char *)input->data, input->length);
   krb5_MD5Final(&ctx);
 
+  ds.magic = KV5M_DATA;
   ds.length = 16;
   ds.data = (char *)ctx.digest;
 
index c457915590fe8be5f15105931ef9561e91379998..f80c49b487b1cafa582bd354d83158fee03e0a9e 100644 (file)
@@ -31,4 +31,4 @@ raw_aead.so raw_aead.po $(OUTPRE)raw_aead.$(OBJEXT): \
   $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
   $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(srcdir)/../aead.h \
-  raw.h raw_aead.c
+  $(srcdir)/../cksumtypes.h raw.h raw_aead.c
index 894899b95c14d4c4ec4be7ca3a9637390a49f9a4..b84f69e6a50f7510e8e868c4426d625c54c614c4 100644 (file)
@@ -175,8 +175,8 @@ void g_make_token_header (const gss_OID_desc * mech, unsigned int body_size,
                           unsigned char **buf, int tok_type);
 
 /* flags for g_verify_token_header() */
-#define        G_VFY_TOKEN_HDR_WRAPPER_REQUIRED        0x01
-#define G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE                0x02
+#define G_VFY_TOKEN_HDR_WRAPPER_REQUIRED        0x01
+#define G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE         0x02
 
 gss_int32 g_verify_token_header (const gss_OID_desc * mech,
                                  unsigned int *body_size,
@@ -263,19 +263,19 @@ generic_gss_str_to_oid(
 
 OM_uint32
 generic_gss_oid_compose(
-    OM_uint32 *,       /* minor_status */
-    const char *,      /* prefix */
-    size_t,            /* prefix_len */
-    int,               /* suffix */
-    gss_OID_desc *);   /* oid */
+    OM_uint32 *,        /* minor_status */
+    const char *,       /* prefix */
+    size_t,             /* prefix_len */
+    int,                /* suffix */
+    gss_OID_desc *);    /* oid */
 
 OM_uint32
 generic_gss_oid_decompose(
-    OM_uint32 *,       /* minor_status */
-    const char *,      /*prefix */
-    size_t,            /* prefix_len */
-    gss_OID_desc *,    /* oid */
-    int *);            /* suffix */
+    OM_uint32 *,        /* minor_status */
+    const char *,       /*prefix */
+    size_t,             /* prefix_len */
+    gss_OID_desc *,     /* oid */
+    int *);             /* suffix */
 
 int gssint_mecherrmap_init(void);
 void gssint_mecherrmap_destroy(void);
@@ -299,7 +299,7 @@ OM_uint32 generic_gss_release_buffer_set
 
 OM_uint32 generic_gss_copy_oid_set
 (OM_uint32 *, /* minor_status */
-           const gss_OID_set_desc *, /* const oidset*/
-           gss_OID_set * /*new_oidset*/);
+            const gss_OID_set_desc *, /* const oidset*/
+            gss_OID_set * /*new_oidset*/);
 
 #endif /* _GSSAPIP_GENERIC_H_ */
index 9497c3dc31799dbf88b7e9c3d91803349ba5e37d..14724619a9d2c66476cd21b11ca950a5a9818520 100644 (file)
@@ -151,5 +151,5 @@ GSS_DLLIMP gss_OID GSS_C_NT_ANONYMOUS           = oids+5;
 GSS_DLLIMP gss_OID GSS_C_NT_EXPORT_NAME         = oids+6;
 gss_OID gss_nt_exported_name                    = oids+6;
 
-GSS_DLLIMP gss_OID GSS_C_INQ_SSPI_SESSION_KEY  = oids+7;
+GSS_DLLIMP gss_OID GSS_C_INQ_SSPI_SESSION_KEY   = oids+7;
 
index cd872e6edb9ae160187db1ef24969c88b2a176bf..c5399dc7275aa3ec0f3cfbbcf65445351eb098d8 100644 (file)
@@ -38,8 +38,8 @@
 #define GSSAPIGENERIC_END_DECLS
 #endif
 
-#define        GSS_EMPTY_BUFFER(buf)   ((buf) == NULL ||\
-       (buf)->value == NULL || (buf)->length == 0)
+#define GSS_EMPTY_BUFFER(buf)   ((buf) == NULL ||\
+        (buf)->value == NULL || (buf)->length == 0)
 
 GSSAPIGENERIC_BEGIN_DECLS
 
index ef093e621f027eaff2fe0a9be0192092ca973691..6e953186df1f8431597b8543921ef433cc9d3136 100644 (file)
@@ -45,25 +45,25 @@ g_canonicalize_host(char *hostname)
     char *canon, *str;
 
     if ((hent = gethostbyname(hostname)) == NULL)
-       return(NULL);
+        return(NULL);
 
     if (! (haddr = (char *) xmalloc(hent->h_length))) {
-       return(NULL);
+        return(NULL);
     }
 
     memcpy(haddr, hent->h_addr_list[0], hent->h_length);
 
     if (! (hent = gethostbyaddr(haddr, hent->h_length, hent->h_addrtype))) {
-       return(NULL);
+        return(NULL);
     }
 
     xfree(haddr);
 
     if ((canon = (char *) strdup(hent->h_name)) == NULL)
-       return(NULL);
+        return(NULL);
 
     for (str = canon; *str; str++)
-       if (isupper(*str)) *str = tolower(*str);
+        if (isupper(*str)) *str = tolower(*str);
 
     return(canon);
 }
index c014400fb8d82e1328dedefec4e1919c576ae6a3..85e0980479358eeb854afa4517ab2e4023a27eaa 100644 (file)
@@ -41,7 +41,7 @@ g_local_host_name(void)
     char buf[MAXHOSTNAMELEN+1], *ptr;
 
     if (gethostname(buf, sizeof(buf)) < 0)
-       return 0;
+        return 0;
 
     buf[sizeof(buf)-1] = '\0';
 
index 24d5325483ed70a1ecd1bd760d947ac6b1d79a3f..b59778836fbc1987e8863a4aca20703183ebabc4 100644 (file)
@@ -195,7 +195,7 @@ g_verify_token_header(
         return(G_BAD_TOK_HEADER);
 
     if ((flags & G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE) == 0 &&
-       seqsize != toksize)
+        seqsize != toksize)
         return(G_BAD_TOK_HEADER);
 
     if ((toksize-=1) < 0)
index 63ce92c1bbc6712179c7a97955d96bc22e44863c..e2ec1fe76a6423695d88623a0d105276f7fe5768 100644 (file)
@@ -243,8 +243,8 @@ cleanup:
  */
 static OM_uint32
 kg_accept_dce(minor_status, context_handle, verifier_cred_handle,
-             input_token, input_chan_bindings, src_name, mech_type,
-             output_token, ret_flags, time_rec, delegated_cred_handle)
+              input_token, input_chan_bindings, src_name, mech_type,
+              output_token, ret_flags, time_rec, delegated_cred_handle)
      OM_uint32 *minor_status;
      gss_ctx_id_t *context_handle;
      gss_cred_id_t verifier_cred_handle;
@@ -292,9 +292,9 @@ kg_accept_dce(minor_status, context_handle, verifier_cred_handle,
    ap_rep.length = input_token->length;
 
    code = krb5_rd_rep_dce(ctx->k5_context,
-                         ctx->auth_context,
-                         &ap_rep,
-                         &nonce);
+                          ctx->auth_context,
+                          &ap_rep,
+                          &nonce);
    if (code != 0) {
        major_status = GSS_S_FAILURE;
        goto fail;
@@ -304,14 +304,14 @@ kg_accept_dce(minor_status, context_handle, verifier_cred_handle,
 
    if (src_name) {
        if ((code = krb5_copy_principal(ctx->k5_context, ctx->there, &name))) {
-          major_status = GSS_S_FAILURE;
-          goto fail;
+           major_status = GSS_S_FAILURE;
+           goto fail;
        }
        /* intern the src_name */
        if (! kg_save_name((gss_name_t) name)) {
-          code = G_VALIDATE_FAILED;
-          major_status = GSS_S_FAILURE;
-          goto fail;
+           code = G_VALIDATE_FAILED;
+           major_status = GSS_S_FAILURE;
+           goto fail;
        }
       *src_name = (gss_name_t) name;
    }
@@ -334,9 +334,8 @@ kg_accept_dce(minor_status, context_handle, verifier_cred_handle,
  fail:
    /* real failure code follows */
 
-   if (ctx)
-       (void) krb5_gss_delete_sec_context(minor_status, 
-                                         (gss_ctx_id_t *) &ctx, NULL);
+   (void) krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t *) &ctx,
+                                      NULL);
    *context_handle = GSS_C_NO_CONTEXT;
    *minor_status = code;
 
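Review bot: With the `if (ctx)` guard removed, the fail path calls krb5_gss_delete_sec_context even when ctx is still NULL, so it now relies on that function accepting a GSS_C_NO_CONTEXT handle. That behaviour is not visible on this page and should be confirmed before relying on it. If it holds, a comment at the call such as `/* delete_sec_context tolerates GSS_C_NO_CONTEXT, so no NULL guard is needed */` would stop a later reader from re-adding the check or assuming ctx is always set. The call also writes *minor_status, but the following `*minor_status = code;` overwrites it, so the reported status is unchanged. kg_accept_dce's body starts outside the hunk.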
@@ -345,10 +344,10 @@ kg_accept_dce(minor_status, context_handle, verifier_cred_handle,
 
 static OM_uint32
 kg_accept_krb5(minor_status, context_handle,
-             verifier_cred_handle, input_token,
-             input_chan_bindings, src_name, mech_type,
-             output_token, ret_flags, time_rec,
-             delegated_cred_handle)
+              verifier_cred_handle, input_token,
+              input_chan_bindings, src_name, mech_type,
+              output_token, ret_flags, time_rec,
+              delegated_cred_handle)
     OM_uint32 *minor_status;
     gss_ctx_id_t *context_handle;
     gss_cred_id_t verifier_cred_handle;
@@ -492,11 +491,11 @@ kg_accept_krb5(minor_status, context_handle,
         mech_used = gss_mech_krb5;
         goto fail;
     } else if (code == G_BAD_TOK_HEADER) {
-       /* DCE style not encapsulated */
-       ap_req.length = input_token->length;
-       ap_req.data = input_token->value;
-       mech_used = gss_mech_krb5;
-       no_encap = 1;
+        /* DCE style not encapsulated */
+        ap_req.length = input_token->length;
+        ap_req.data = input_token->value;
+        mech_used = gss_mech_krb5;
+        no_encap = 1;
     } else {
         major_status = GSS_S_DEFECTIVE_TOKEN;
         goto fail;
@@ -570,23 +569,23 @@ kg_accept_krb5(minor_status, context_handle,
 
       code = krb5_auth_con_getkey(context, auth_context, &subkey);
       if (code) {
-        major_status = GSS_S_FAILURE;
-        goto fail;
+         major_status = GSS_S_FAILURE;
+         goto fail;
       }
 
       zero.length = 0;
       zero.data = "";
 
       code = krb5_c_verify_checksum(context,
-                                   subkey,
-                                   KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM,
-                                   &zero,
-                                   authdat->checksum,
-                                   &valid);
+                                    subkey,
+                                    KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM,
+                                    &zero,
+                                    authdat->checksum,
+                                    &valid);
       if (code || !valid) {
-         major_status = GSS_S_BAD_SIG;
-         krb5_free_keyblock(context, subkey);
-         goto fail;
+          major_status = GSS_S_BAD_SIG;
+          krb5_free_keyblock(context, subkey);
+          goto fail;
       }
 
       gss_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
@@ -774,8 +773,8 @@ kg_accept_krb5(minor_status, context_handle,
 
     /* only DCE_STYLE clients are allowed to send raw AP-REQs */
     if (no_encap != ((gss_flags & GSS_C_DCE_STYLE) != 0)) {
-       major_status = GSS_S_DEFECTIVE_TOKEN;
-       goto fail;
+        major_status = GSS_S_DEFECTIVE_TOKEN;
+        goto fail;
     }
 
     /* create the ctx struct and start filling it in */
@@ -795,8 +794,8 @@ kg_accept_krb5(minor_status, context_handle,
                       ((gss_flags) & (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG |
                                       GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
                                       GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG |
-                                     GSS_C_DCE_STYLE | GSS_C_IDENTIFY_FLAG |
-                                     GSS_C_EXTENDED_ERROR_FLAG)));
+                                      GSS_C_DCE_STYLE | GSS_C_IDENTIFY_FLAG |
+                                      GSS_C_EXTENDED_ERROR_FLAG)));
     ctx->seed_init = 0;
     ctx->big_endian = bigend;
     ctx->cred_rcache = cred_rcache;
@@ -813,11 +812,11 @@ kg_accept_krb5(minor_status, context_handle,
 
     /* XXX move this into gss_name_t */
     if (ticket->enc_part2->authorization_data != NULL &&
-       (code = krb5_copy_authdata(context,
-                                  ticket->enc_part2->authorization_data,
-                                  &ctx->authdata))) {
-       major_status = GSS_S_FAILURE;
-       goto fail;
+        (code = krb5_copy_authdata(context,
+                                   ticket->enc_part2->authorization_data,
+                                   &ctx->authdata))) {
+        major_status = GSS_S_FAILURE;
+        goto fail;
     }
     if ((code = krb5_copy_principal(context, ticket->server, &ctx->here))) {
         major_status = GSS_S_FAILURE;
@@ -858,11 +857,11 @@ kg_accept_krb5(minor_status, context_handle,
     ctx->have_acceptor_subkey = 0;
     /* DCE_STYLE implies acceptor_subkey */
     if ((ctx->gss_flags & GSS_C_DCE_STYLE) == 0) {
-       code = kg_setup_keys(context, ctx, ctx->subkey, &ctx->cksumtype);
-       if (code) {
-           major_status = GSS_S_FAILURE;
-           goto fail;
-       }
+        code = kg_setup_keys(context, ctx, ctx->subkey, &ctx->cksumtype);
+        if (code) {
+            major_status = GSS_S_FAILURE;
+            goto fail;
+        }
     }
     ctx->krb_times = ticket->enc_part2->times; /* struct copy */
     ctx->krb_flags = ticket->enc_part2->flags;
@@ -892,7 +891,7 @@ kg_accept_krb5(minor_status, context_handle,
 
     /* DCE_STYLE implies mutual authentication */
     if (ctx->gss_flags & GSS_C_DCE_STYLE)
-       ctx->gss_flags |= GSS_C_MUTUAL_FLAG;
+        ctx->gss_flags |= GSS_C_MUTUAL_FLAG;
 
     /* at this point, the entire context structure is filled in,
        so it can be released.  */
@@ -904,36 +903,36 @@ kg_accept_krb5(minor_status, context_handle,
         krb5_int32 seq_temp;
         int cfx_generate_subkey;
 
-       /*
-        * Do not generate a subkey per RFC 4537 unless we are upgrading to CFX,
-        * because pre-CFX tokens do not indicate which key to use. (Note that
-        * DCE_STYLE implies that we will use a subkey.)
-        */
-       if (ctx->proto == 0 &&
-           (ctx->gss_flags & GSS_C_DCE_STYLE) == 0 && 
-           (ap_req_options & AP_OPTS_USE_SUBKEY)) {
-           code = (*kaccess.krb5_auth_con_get_subkey_enctype) (context,
-                                                               auth_context,
-                                                               &negotiated_etype);
-           if (code != 0) {
-               major_status = GSS_S_FAILURE;
-               goto fail;
-           }
-
-           switch (negotiated_etype) {
-           case ENCTYPE_DES_CBC_MD5:
-           case ENCTYPE_DES_CBC_MD4:
-           case ENCTYPE_DES_CBC_CRC:
-           case ENCTYPE_DES3_CBC_SHA1:
-           case ENCTYPE_ARCFOUR_HMAC:
-           case ENCTYPE_ARCFOUR_HMAC_EXP:
-               ap_req_options &= ~(AP_OPTS_USE_SUBKEY);
-               break;
-           }
-       }
+        /*
+         * Do not generate a subkey per RFC 4537 unless we are upgrading to CFX,
+         * because pre-CFX tokens do not indicate which key to use. (Note that
+         * DCE_STYLE implies that we will use a subkey.)
+         */
+        if (ctx->proto == 0 &&
+            (ctx->gss_flags & GSS_C_DCE_STYLE) == 0 &&
+            (ap_req_options & AP_OPTS_USE_SUBKEY)) {
+            code = (*kaccess.krb5_auth_con_get_subkey_enctype) (context,
+                                                                auth_context,
+                                                                &negotiated_etype);
+            if (code != 0) {
+                major_status = GSS_S_FAILURE;
+                goto fail;
+            }
+
+            switch (negotiated_etype) {
+            case ENCTYPE_DES_CBC_MD5:
+            case ENCTYPE_DES_CBC_MD4:
+            case ENCTYPE_DES_CBC_CRC:
+            case ENCTYPE_DES3_CBC_SHA1:
+            case ENCTYPE_ARCFOUR_HMAC:
+            case ENCTYPE_ARCFOUR_HMAC_EXP:
+                ap_req_options &= ~(AP_OPTS_USE_SUBKEY);
+                break;
+            }
+        }
 
         if (ctx->proto == 1 || (ctx->gss_flags & GSS_C_DCE_STYLE) ||
-           (ap_req_options & AP_OPTS_USE_SUBKEY))
+            (ap_req_options & AP_OPTS_USE_SUBKEY))
             cfx_generate_subkey = CFX_ACCEPTOR_SUBKEY;
         else
             cfx_generate_subkey = 0;
@@ -970,35 +969,35 @@ kg_accept_krb5(minor_status, context_handle,
             }
             ctx->have_acceptor_subkey = 1;
 
-           code = kg_setup_keys(context, ctx, ctx->acceptor_subkey,
-                                &ctx->acceptor_subkey_cksumtype);
-           if (code) {
-               major_status = GSS_S_FAILURE;
-               goto fail;
-           }
+            code = kg_setup_keys(context, ctx, ctx->acceptor_subkey,
+                                 &ctx->acceptor_subkey_cksumtype);
+            if (code) {
+                major_status = GSS_S_FAILURE;
+                goto fail;
+            }
         }
 
         /* the reply token hasn't been sent yet, but that's ok. */
-       if (ctx->gss_flags & GSS_C_DCE_STYLE) {
-           assert(ctx->have_acceptor_subkey);
+        if (ctx->gss_flags & GSS_C_DCE_STYLE) {
+            assert(ctx->have_acceptor_subkey);
 
-           /* in order to force acceptor subkey to be used, don't set PROT_READY */
+            /* in order to force acceptor subkey to be used, don't set PROT_READY */
 
-           /* Raw AP-REP is returned */
-           output_token->length = ap_rep.length;
-           output_token->value = ap_rep.data;
-           ap_rep.data = NULL; /* don't double free */
+            /* Raw AP-REP is returned */
+            output_token->length = ap_rep.length;
+            output_token->value = ap_rep.data;
+            ap_rep.data = NULL; /* don't double free */
 
-           ctx->established = 0;
+            ctx->established = 0;
 
-           *context_handle = (gss_ctx_id_t)ctx;
-           *minor_status = 0;
-           major_status = GSS_S_CONTINUE_NEEDED;
+            *context_handle = (gss_ctx_id_t)ctx;
+            *minor_status = 0;
+            major_status = GSS_S_CONTINUE_NEEDED;
 
-           /* Only last leg should set return arguments */
-           goto fail;
-       } else
-           ctx->gss_flags |= GSS_C_PROT_READY_FLAG;
+            /* Only last leg should set return arguments */
+            goto fail;
+        } else
+            ctx->gss_flags |= GSS_C_PROT_READY_FLAG;
 
         ctx->established = 1;
 
@@ -1086,7 +1085,7 @@ fail:
     if (ap_rep.data)
         krb5_free_data_contents(context, &ap_rep);
     if (major_status == GSS_S_COMPLETE ||
-       (major_status == GSS_S_CONTINUE_NEEDED && code != KRB5KRB_AP_ERR_MSG_TYPE)) {
+        (major_status == GSS_S_CONTINUE_NEEDED && code != KRB5KRB_AP_ERR_MSG_TYPE)) {
         ctx->k5_context = context;
         context = NULL;
         goto done;
@@ -1212,22 +1211,22 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
      */
     /*SUPPRESS 29*/
     if (ctx != NULL) {
-       if (ctx->established == 0 && (ctx->gss_flags & GSS_C_DCE_STYLE)) {
-           return kg_accept_dce(minor_status, context_handle,
-                                verifier_cred_handle, input_token,
-                                input_chan_bindings, src_name, mech_type,
-                                output_token, ret_flags, time_rec,
-                                delegated_cred_handle);
-       } else {
-           *minor_status = EINVAL;
-           save_error_string(EINVAL, "accept_sec_context called with existing context handle");
-           return GSS_S_FAILURE;
-       }
+        if (ctx->established == 0 && (ctx->gss_flags & GSS_C_DCE_STYLE)) {
+            return kg_accept_dce(minor_status, context_handle,
+                                 verifier_cred_handle, input_token,
+                                 input_chan_bindings, src_name, mech_type,
+                                 output_token, ret_flags, time_rec,
+                                 delegated_cred_handle);
+        } else {
+            *minor_status = EINVAL;
+            save_error_string(EINVAL, "accept_sec_context called with existing context handle");
+            return GSS_S_FAILURE;
+        }
     }
 
     return kg_accept_krb5(minor_status, context_handle,
-                        verifier_cred_handle, input_token,
-                        input_chan_bindings, src_name, mech_type,
-                        output_token, ret_flags, time_rec,
-                        delegated_cred_handle);
+                         verifier_cred_handle, input_token,
+                         input_chan_bindings, src_name, mech_type,
+                         output_token, ret_flags, time_rec,
+                         delegated_cred_handle);
 }
index 98617d570fcfdd0e837be1a3a4b515d1545fb312..48471b4f4c00b9b4f05f0cd90f863a81f407cbe8 100644 (file)
@@ -99,9 +99,9 @@ static char *krb5_gss_keytab = NULL;
 /* Heimdal calls this gsskrb5_register_acceptor_identity. */
 OM_uint32
 gss_krb5int_register_acceptor_identity(OM_uint32 *minor_status,
-                                      const gss_OID desired_mech,
-                                      const gss_OID desired_object,
-                                      gss_buffer_t value)
+                                       const gss_OID desired_mech,
+                                       const gss_OID desired_object,
+                                       gss_buffer_t value)
 {
     char *new, *old;
     int err;
@@ -264,11 +264,11 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred)
         if (!err) {
             err = kim_ccache_create_from_client_identity (&kimccache, identity);
         }
-        
+
         if (!err) {
             err = kim_ccache_get_state (kimccache, &state);
         }
-        
+
         if (!err && state != kim_credentials_state_valid) {
             if (state == kim_credentials_state_needs_validation) {
                 err = kim_ccache_validate (kimccache, KIM_OPTIONS_DEFAULT);
@@ -277,13 +277,13 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred)
                 ccache = NULL;
             }
         }
-        
+
         if (!kimccache && kim_library_allow_automatic_prompting ()) {
             /* ccache does not already exist, create a new one */
-            err = kim_ccache_create_new (&kimccache, identity, 
+            err = kim_ccache_create_new (&kimccache, identity,
                                          KIM_OPTIONS_DEFAULT);
-        }        
-        
+        }
+
         if (!err) {
             err = kim_ccache_get_krb5_ccache (kimccache, context, &ccache);
         }
@@ -746,9 +746,9 @@ gss_krb5int_set_cred_rcache(OM_uint32 *minor_status,
    if (cred->rcache != NULL) {
       code = krb5_rc_close(context, cred->rcache);
       if (code) {
-        *minor_status = code;
-        krb5_free_context(context);
-        return GSS_S_FAILURE;
+         *minor_status = code;
+         krb5_free_context(context);
+         return GSS_S_FAILURE;
       }
    }
 
index 430b50d282540fd1681a0bd44f0fbd7ffdcc3ab0..e7b48e04f11a5e86fbccc3957ce25edfca554f69 100644 (file)
@@ -3,9 +3,9 @@
 
 OM_uint32 KRB5_CALLCONV
 gss_krb5int_copy_ccache(OM_uint32 *minor_status,
-                       gss_cred_id_t cred_handle,
-                       const gss_OID desired_object,
-                       const gss_buffer_t value)
+                        gss_cred_id_t cred_handle,
+                        const gss_OID desired_object,
+                        const gss_buffer_t value)
 {
     krb5_gss_cred_id_t k5creds;
     krb5_cc_cursor cursor;
@@ -13,11 +13,11 @@ gss_krb5int_copy_ccache(OM_uint32 *minor_status,
     krb5_error_code code;
     krb5_context context;
     krb5_ccache out_ccache;
-        
+
     assert(value->length == sizeof(out_ccache));
 
     if (value->length != sizeof(out_ccache))
-       return GSS_S_FAILURE;
+        return GSS_S_FAILURE;
 
     out_ccache = (krb5_ccache)value->value;
 
index 9544524d30d4032c99535b22ca32a8ac1d84d1a6..33e0e313e2269770a038c89da7e2ff42acfb8ddf 100644 (file)
@@ -107,7 +107,7 @@ krb5_gss_delete_sec_context(minor_status, context_handle, output_token)
         krb5_gss_release_oid(minor_status, &ctx->mech_used);
 
     if (ctx->authdata)
-       krb5_free_authdata(context, ctx->authdata);
+        krb5_free_authdata(context, ctx->authdata);
 
     if (ctx->k5_context)
         krb5_free_context(ctx->k5_context);
index 2c12080bb1b8bf24a6856e1eea80f8a85c66aaa4..29126d6c8a93658b29e34eb7ba96acfbd71a2862 100644 (file)
@@ -29,9 +29,9 @@
 
 OM_uint32 KRB5_CALLCONV
 gss_krb5int_get_tkt_flags(OM_uint32 *minor_status,
-                         const gss_ctx_id_t context_handle,
-                         const gss_OID desired_object,
-                         gss_buffer_set_t *data_set)
+                          const gss_ctx_id_t context_handle,
+                          const gss_OID desired_object,
+                          gss_buffer_set_t *data_set)
 {
     krb5_gss_ctx_id_rec *ctx;
     gss_buffer_desc rep;
index 76dfd4429a28e91974209261bd1891de38ab32e9..3c4f7e0385453a93ab23093e17a1ed4046d89d2f 100644 (file)
@@ -264,9 +264,9 @@ krb5_error_code kg_make_seed (krb5_context context,
 
 krb5_error_code
 kg_setup_keys(krb5_context context,
-             krb5_gss_ctx_id_rec *ctx,
-             krb5_keyblock *subkey,
-             krb5_cksumtype *cksumtype);
+              krb5_gss_ctx_id_rec *ctx,
+              krb5_keyblock *subkey,
+              krb5_cksumtype *cksumtype);
 
 int kg_confounder_size (krb5_context context, krb5_keyblock *key);
 
@@ -282,10 +282,10 @@ krb5_error_code kg_encrypt (krb5_context context,
 
 krb5_error_code kg_encrypt_iov (krb5_context context,
                                 int proto, int dce_style,
-                               size_t ec, size_t rrc,
-                               krb5_keyblock *key, int usage,
+                                size_t ec, size_t rrc,
+                                krb5_keyblock *key, int usage,
                                 krb5_pointer iv,
-                               gss_iov_buffer_desc *iov,
+                                gss_iov_buffer_desc *iov,
                                 int iov_count);
 
 krb5_error_code
@@ -296,9 +296,9 @@ kg_arcfour_docrypt (const krb5_keyblock *longterm_key , int ms_usage,
 
 krb5_error_code
 kg_arcfour_docrypt_iov (krb5_context context,
-                       const krb5_keyblock *longterm_key , int ms_usage,
+                        const krb5_keyblock *longterm_key , int ms_usage,
                         const unsigned char *kd_data, size_t kd_data_len,
-                       gss_iov_buffer_desc *iov,
+                        gss_iov_buffer_desc *iov,
                         int iov_count);
 
 krb5_error_code kg_decrypt (krb5_context context,
@@ -310,10 +310,10 @@ krb5_error_code kg_decrypt (krb5_context context,
 
 krb5_error_code kg_decrypt_iov (krb5_context context,
                                 int proto, int dce_style,
-                               size_t ec, size_t rrc,
+                                size_t ec, size_t rrc,
                                 krb5_keyblock *key,  int usage,
                                 krb5_pointer iv,
-                               gss_iov_buffer_desc *iov,
+                                gss_iov_buffer_desc *iov,
                                 int iov_count);
 
 OM_uint32 kg_seal (OM_uint32 *minor_status,
@@ -368,92 +368,92 @@ OM_uint32 kg_set_ccache_name (OM_uint32 *minor_status,
 /* AEAD */
 
 krb5_error_code gss_krb5int_make_seal_token_v3_iov(krb5_context context,
-                          krb5_gss_ctx_id_rec *ctx,
-                          int conf_req_flag,
-                          int *conf_state,
-                          gss_iov_buffer_desc *iov,
-                          int iov_count,
-                          int toktype);
+                           krb5_gss_ctx_id_rec *ctx,
+                           int conf_req_flag,
+                           int *conf_state,
+                           gss_iov_buffer_desc *iov,
+                           int iov_count,
+                           int toktype);
 
 OM_uint32 gss_krb5int_unseal_v3_iov(krb5_context context,
-                         OM_uint32 *minor_status,
-                         krb5_gss_ctx_id_rec *ctx,
-                         gss_iov_buffer_desc *iov,
-                         int iov_count,
-                         int *conf_state,
-                         gss_qop_t *qop_state,
-                         int toktype);
+                          OM_uint32 *minor_status,
+                          krb5_gss_ctx_id_rec *ctx,
+                          gss_iov_buffer_desc *iov,
+                          int iov_count,
+                          int *conf_state,
+                          gss_qop_t *qop_state,
+                          int toktype);
 
 gss_iov_buffer_t kg_locate_iov (gss_iov_buffer_desc *iov,
-             int iov_count,
-             OM_uint32 type);
+              int iov_count,
+              OM_uint32 type);
 
 void kg_iov_msglen(gss_iov_buffer_desc *iov,
-             int iov_count,
-             size_t *data_length,
-             size_t *assoc_data_length);
+              int iov_count,
+              size_t *data_length,
+              size_t *assoc_data_length);
 
 void kg_release_iov(gss_iov_buffer_desc *iov,
-              int iov_count);
+               int iov_count);
 
 krb5_error_code kg_make_checksum_iov_v1(krb5_context context,
-               krb5_cksumtype type,
-               size_t token_cksum_len,
-               krb5_keyblock *seq,
-               krb5_keyblock *enc, /* for conf len */
-               krb5_keyusage sign_usage,
-               gss_iov_buffer_desc *iov,
-               int iov_count,
-               int toktype,
-               krb5_checksum *checksum);
+                krb5_cksumtype type,
+                size_t token_cksum_len,
+                krb5_keyblock *seq,
+                krb5_keyblock *enc, /* for conf len */
+                krb5_keyusage sign_usage,
+                gss_iov_buffer_desc *iov,
+                int iov_count,
+                int toktype,
+                krb5_checksum *checksum);
 
 krb5_error_code kg_make_checksum_iov_v3(krb5_context context,
-               krb5_cksumtype type,
-               size_t rrc,
-               krb5_keyblock *key,
-               krb5_keyusage sign_usage,
-               gss_iov_buffer_desc *iov,
-               int iov_count);
+                krb5_cksumtype type,
+                size_t rrc,
+                krb5_keyblock *key,
+                krb5_keyusage sign_usage,
+                gss_iov_buffer_desc *iov,
+                int iov_count);
 
 krb5_error_code kg_verify_checksum_iov_v3(krb5_context context,
-               krb5_cksumtype type,
-               size_t rrc,
-               krb5_keyblock *key,
-               krb5_keyusage sign_usage,
-               gss_iov_buffer_desc *iov,
-               int iov_count,
-               krb5_boolean *valid);
+                krb5_cksumtype type,
+                size_t rrc,
+                krb5_keyblock *key,
+                krb5_keyusage sign_usage,
+                gss_iov_buffer_desc *iov,
+                int iov_count,
+                krb5_boolean *valid);
 
 OM_uint32 kg_seal_iov (OM_uint32 *minor_status,
-           gss_ctx_id_t context_handle,
-           int conf_req_flag,
-           gss_qop_t qop_req,
-           int *conf_state,
-           gss_iov_buffer_desc *iov,
-           int iov_count,
-           int toktype);
+            gss_ctx_id_t context_handle,
+            int conf_req_flag,
+            gss_qop_t qop_req,
+            int *conf_state,
+            gss_iov_buffer_desc *iov,
+            int iov_count,
+            int toktype);
 
 OM_uint32 kg_unseal_iov (OM_uint32 *minor_status,
-           gss_ctx_id_t context_handle,
-           int *conf_state,
-           gss_qop_t *qop_state,
-           gss_iov_buffer_desc *iov,
-           int iov_count,
-           int toktype);
+            gss_ctx_id_t context_handle,
+            int *conf_state,
+            gss_qop_t *qop_state,
+            gss_iov_buffer_desc *iov,
+            int iov_count,
+            int toktype);
 
 OM_uint32 kg_seal_iov_length(OM_uint32 *minor_status,
-          gss_ctx_id_t context_handle,
-          int conf_req_flag,
-          gss_qop_t qop_req,
-          int *conf_state,
-          gss_iov_buffer_desc *iov,
-          int iov_count);
+           gss_ctx_id_t context_handle,
+           int conf_req_flag,
+           gss_qop_t qop_req,
+           int *conf_state,
+           gss_iov_buffer_desc *iov,
+           int iov_count);
 
 krb5_cryptotype kg_translate_flag_iov(OM_uint32 type);
 
 OM_uint32 kg_fixup_padding_iov(OM_uint32 *minor_status,
-       gss_iov_buffer_desc *iov,
-       int iov_count);
+        gss_iov_buffer_desc *iov,
+        int iov_count);
 
 int kg_map_toktype(int proto, int toktype);
 
@@ -621,24 +621,24 @@ OM_uint32 krb5_gss_wrap
 );
 
 OM_uint32 krb5_gss_wrap_iov
-(OM_uint32 *,          /* minor_status */
- gss_ctx_id_t,             /* context_handle */
- int,                      /* conf_req_flag */
- gss_qop_t,                /* qop_req */
- int *,                            /* conf_state */
- gss_iov_buffer_desc *,            /* iov */
- int                       /* iov_count */
+(OM_uint32 *,           /* minor_status */
+ gss_ctx_id_t,              /* context_handle */
+ int,                       /* conf_req_flag */
+ gss_qop_t,                 /* qop_req */
+ int *,                     /* conf_state */
+ gss_iov_buffer_desc *,     /* iov */
+ int                        /* iov_count */
 );
 
 OM_uint32
 krb5_gss_wrap_iov_length
-(OM_uint32 *,          /* minor_status */
- gss_ctx_id_t,             /* context_handle */
- int,                      /* conf_req_flag */
- gss_qop_t,                /* qop_req */
- int *,                            /* conf_state */
- gss_iov_buffer_desc *,            /* iov */
- int                       /* iov_count */
+(OM_uint32 *,           /* minor_status */
+ gss_ctx_id_t,              /* context_handle */
+ int,                       /* conf_req_flag */
+ gss_qop_t,                 /* qop_req */
+ int *,                     /* conf_state */
+ gss_iov_buffer_desc *,     /* iov */
+ int                        /* iov_count */
 );
 
 OM_uint32 krb5_gss_unwrap
@@ -651,12 +651,12 @@ OM_uint32 krb5_gss_unwrap
 );
 
 OM_uint32 krb5_gss_unwrap_iov
-(OM_uint32 *,          /* minor_status */
- gss_ctx_id_t,             /* context_handle */
- int *,                            /* conf_state */
- gss_qop_t *,              /* qop_state */
- gss_iov_buffer_desc *,            /* iov */
- int                       /* iov_count */
+(OM_uint32 *,           /* minor_status */
+ gss_ctx_id_t,              /* context_handle */
+ int *,                     /* conf_state */
+ gss_qop_t *,               /* qop_state */
+ gss_iov_buffer_desc *,     /* iov */
+ int                        /* iov_count */
 );
 
 OM_uint32 krb5_gss_wrap_size_limit
@@ -855,7 +855,7 @@ gss_krb5int_export_lucid_sec_context(OM_uint32 *minor_status,
 
 OM_uint32
 gss_krb5int_free_lucid_sec_context(OM_uint32 *, const gss_OID,
-                                  const gss_OID, gss_buffer_t);
+                                   const gss_OID, gss_buffer_t);
 
 extern k5_mutex_t kg_kdc_flag_mutex;
 krb5_error_code krb5_gss_init_context (krb5_context *ctxp);
@@ -864,7 +864,7 @@ krb5_error_code krb5_gss_init_context (krb5_context *ctxp);
 #define GSS_KRB5_USE_KDC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x08"
 
 OM_uint32 krb5int_gss_use_kdc_context(OM_uint32 *, const gss_OID,
-                                     const gss_OID, gss_buffer_t);
+                                      const gss_OID, gss_buffer_t);
 
 krb5_error_code krb5_gss_use_kdc_context(void);
 
@@ -879,9 +879,9 @@ gss_krb5int_register_acceptor_identity(OM_uint32 *, const gss_OID, const gss_OID
 
 OM_uint32
 gss_krb5int_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
-                                               const gss_ctx_id_t context_handle,
-                                               const gss_OID desired_object,
-                                               gss_buffer_set_t *ad_data);
+                                                const gss_ctx_id_t context_handle,
+                                                const gss_OID desired_object,
+                                                gss_buffer_set_t *ad_data);
 
 #define GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH 11
 #define GSS_KRB5_SET_CRED_RCACHE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0b"
@@ -894,9 +894,9 @@ gss_krb5int_set_cred_rcache(OM_uint32 *, gss_cred_id_t, const gss_OID, const gss
 
 OM_uint32
 gss_krb5int_extract_authtime_from_sec_context(OM_uint32 *,
-                                             const gss_ctx_id_t,
-                                             const gss_OID,
-                                             gss_buffer_set_t *);
+                                              const gss_ctx_id_t,
+                                              const gss_OID,
+                                              gss_buffer_set_t *);
 
 #ifdef _GSS_STATIC_LINK
 int gss_krb5int_lib_init(void);
index a7f4f9e23d2e8f1e9abf75a5a9d7b68bb81fcfff..6e1d618694982d270faff93cf056fe5b542d94c0 100644 (file)
@@ -306,8 +306,8 @@ kg_set_ccache_name (OM_uint32 *minor_status, const char *name)
 }
 
 #define g_OID_prefix_equal(o1, o2) \
-       (((o1)->length >= (o2)->length) && \
-       (memcmp((o1)->elements, (o2)->elements, (o2)->length) == 0))
+        (((o1)->length >= (o2)->length) && \
+        (memcmp((o1)->elements, (o2)->elements, (o2)->length) == 0))
 
 /*
  * gss_inquire_sec_context_by_oid() methods
@@ -317,70 +317,70 @@ static struct {
     OM_uint32 (*func)(OM_uint32 *, const gss_ctx_id_t, const gss_OID, gss_buffer_set_t *);
 } krb5_gss_inquire_sec_context_by_oid_ops[] = {
     {
-       {GSS_KRB5_GET_TKT_FLAGS_OID_LENGTH, GSS_KRB5_GET_TKT_FLAGS_OID},
-       gss_krb5int_get_tkt_flags
+        {GSS_KRB5_GET_TKT_FLAGS_OID_LENGTH, GSS_KRB5_GET_TKT_FLAGS_OID},
+        gss_krb5int_get_tkt_flags
     },
     {
-       {GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID},
-       gss_krb5int_extract_authz_data_from_sec_context
+        {GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID},
+        gss_krb5int_extract_authz_data_from_sec_context
     },
     {
-       {GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH, GSS_KRB5_INQ_SSPI_SESSION_KEY_OID},
-       gss_krb5int_inq_session_key
+        {GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH, GSS_KRB5_INQ_SSPI_SESSION_KEY_OID},
+        gss_krb5int_inq_session_key
     },
     {
-       {GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID},
-       gss_krb5int_export_lucid_sec_context
+        {GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID},
+        gss_krb5int_export_lucid_sec_context
     },
     {
-       {GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID},
-       gss_krb5int_extract_authtime_from_sec_context
+        {GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID},
+        gss_krb5int_extract_authtime_from_sec_context
     }
 };
 
 static OM_uint32
 krb5_gss_inquire_sec_context_by_oid (OM_uint32 *minor_status,
-                                    const gss_ctx_id_t context_handle,
-                                    const gss_OID desired_object,
-                                    gss_buffer_set_t *data_set)
+                                     const gss_ctx_id_t context_handle,
+                                     const gss_OID desired_object,
+                                     gss_buffer_set_t *data_set)
 {
     krb5_gss_ctx_id_rec *ctx;
     size_t i;
 
     if (minor_status == NULL)
-       return GSS_S_CALL_INACCESSIBLE_WRITE;
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
 
     *minor_status = 0;
 
     if (desired_object == GSS_C_NO_OID)
-       return GSS_S_CALL_INACCESSIBLE_READ;
+        return GSS_S_CALL_INACCESSIBLE_READ;
 
     if (data_set == NULL)
-       return GSS_S_CALL_INACCESSIBLE_WRITE;
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
 
     *data_set = GSS_C_NO_BUFFER_SET;
 
     if (!kg_validate_ctx_id(context_handle))
-       return GSS_S_NO_CONTEXT;
+        return GSS_S_NO_CONTEXT;
 
     ctx = (krb5_gss_ctx_id_rec *) context_handle;
 
     if (!ctx->established)
-       return GSS_S_NO_CONTEXT;
+        return GSS_S_NO_CONTEXT;
 
     for (i = 0; i < sizeof(krb5_gss_inquire_sec_context_by_oid_ops)/
-                   sizeof(krb5_gss_inquire_sec_context_by_oid_ops[0]); i++) {
-       if (g_OID_prefix_equal(desired_object, &krb5_gss_inquire_sec_context_by_oid_ops[i].oid)) {
-           return (*krb5_gss_inquire_sec_context_by_oid_ops[i].func)(minor_status,
-                                                                     context_handle,
-                                                                     desired_object,
-                                                                     data_set);
-       }
+                    sizeof(krb5_gss_inquire_sec_context_by_oid_ops[0]); i++) {
+        if (g_OID_prefix_equal(desired_object, &krb5_gss_inquire_sec_context_by_oid_ops[i].oid)) {
+            return (*krb5_gss_inquire_sec_context_by_oid_ops[i].func)(minor_status,
+                                                                      context_handle,
+                                                                      desired_object,
+                                                                      data_set);
+        }
     }
 
     *minor_status = EINVAL;
 
-    return GSS_S_UNAVAILABLE; 
+    return GSS_S_UNAVAILABLE;
 }
 
 /*
@@ -396,46 +396,46 @@ static struct {
 
 static OM_uint32
 krb5_gss_inquire_cred_by_oid(OM_uint32 *minor_status,
-                            const gss_cred_id_t cred_handle,
-                            const gss_OID desired_object,
-                            gss_buffer_set_t *data_set)
+                             const gss_cred_id_t cred_handle,
+                             const gss_OID desired_object,
+                             gss_buffer_set_t *data_set)
 {
     OM_uint32 major_status = GSS_S_FAILURE;
     krb5_gss_cred_id_t cred;
     size_t i;
 
     if (minor_status == NULL)
-       return GSS_S_CALL_INACCESSIBLE_WRITE;
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
 
     *minor_status = 0;
 
     if (desired_object == GSS_C_NO_OID)
-       return GSS_S_CALL_INACCESSIBLE_READ;
+        return GSS_S_CALL_INACCESSIBLE_READ;
 
     if (data_set == NULL)
-       return GSS_S_CALL_INACCESSIBLE_WRITE;
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
 
     *data_set = GSS_C_NO_BUFFER_SET;
     if (cred_handle == GSS_C_NO_CREDENTIAL) {
-       *minor_status = (OM_uint32)KRB5_NOCREDS_SUPPLIED;
-       return GSS_S_NO_CRED;
+        *minor_status = (OM_uint32)KRB5_NOCREDS_SUPPLIED;
+        return GSS_S_NO_CRED;
     }
 
     major_status = krb5_gss_validate_cred(minor_status, cred_handle);
     if (GSS_ERROR(major_status))
-       return major_status;
+        return major_status;
 
     cred = (krb5_gss_cred_id_t) cred_handle;
 
 #if 0
     for (i = 0; i < sizeof(krb5_gss_inquire_cred_by_oid_ops)/
-                   sizeof(krb5_gss_inquire_cred_by_oid_ops[0]); i++) {
-       if (g_OID_prefix_equal(desired_object, &krb5_gss_inquire_cred_by_oid_ops[i].oid)) {
-           return (*krb5_gss_inquire_cred_by_oid_ops[i].func)(minor_status,
-                                                              cred_handle,
-                                                              desired_object,
-                                                              data_set);
-       }
+                    sizeof(krb5_gss_inquire_cred_by_oid_ops[0]); i++) {
+        if (g_OID_prefix_equal(desired_object, &krb5_gss_inquire_cred_by_oid_ops[i].oid)) {
+            return (*krb5_gss_inquire_cred_by_oid_ops[i].func)(minor_status,
+                                                               cred_handle,
+                                                               desired_object,
+                                                               data_set);
+        }
     }
 #endif
 
@@ -457,50 +457,50 @@ static struct {
 
 static OM_uint32
 krb5_gss_set_sec_context_option (OM_uint32 *minor_status,
-                                gss_ctx_id_t *context_handle,
-                                const gss_OID desired_object,
-                                const gss_buffer_t value)
+                                 gss_ctx_id_t *context_handle,
+                                 const gss_OID desired_object,
+                                 const gss_buffer_t value)
 {
     size_t i;
 
     if (minor_status == NULL)
-       return GSS_S_CALL_INACCESSIBLE_WRITE;
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
 
     *minor_status = 0;
 
     if (context_handle == NULL)
-       return GSS_S_CALL_INACCESSIBLE_READ;
+        return GSS_S_CALL_INACCESSIBLE_READ;
 
     if (desired_object == GSS_C_NO_OID)
-       return GSS_S_CALL_INACCESSIBLE_READ;
+        return GSS_S_CALL_INACCESSIBLE_READ;
 
     if (*context_handle != GSS_C_NO_CONTEXT) {
-       krb5_gss_ctx_id_rec *ctx;
+        krb5_gss_ctx_id_rec *ctx;
 
-       if (!kg_validate_ctx_id(*context_handle))
-           return GSS_S_NO_CONTEXT;
+        if (!kg_validate_ctx_id(*context_handle))
+            return GSS_S_NO_CONTEXT;
 
-       ctx = (krb5_gss_ctx_id_rec *) context_handle;
+        ctx = (krb5_gss_ctx_id_rec *) context_handle;
 
-       if (!ctx->established)
-           return GSS_S_NO_CONTEXT;
+        if (!ctx->established)
+            return GSS_S_NO_CONTEXT;
     }
 
 #if 0
     for (i = 0; i < sizeof(krb5_gss_set_sec_context_option_ops)/
-                   sizeof(krb5_gss_set_sec_context_option_ops[0]); i++) {
-       if (g_OID_prefix_equal(desired_object, &krb5_gss_set_sec_context_option_ops[i].oid)) {
-           return (*krb5_gss_set_sec_context_option_ops[i].func)(minor_status,
-                                                                 context_handle,
-                                                                 desired_object,
-                                                                 value);
-       }
+                    sizeof(krb5_gss_set_sec_context_option_ops[0]); i++) {
+        if (g_OID_prefix_equal(desired_object, &krb5_gss_set_sec_context_option_ops[i].oid)) {
+            return (*krb5_gss_set_sec_context_option_ops[i].func)(minor_status,
+                                                                  context_handle,
+                                                                  desired_object,
+                                                                  value);
+        }
     }
 #endif
 
     *minor_status = EINVAL;
 
-    return GSS_S_UNAVAILABLE; 
+    return GSS_S_UNAVAILABLE;
 }
 
 /*
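Review bot: In krb5_gss_set_sec_context_option, the re-indented line `ctx = (krb5_gss_ctx_id_rec *) context_handle;` casts the `gss_ctx_id_t *` parameter itself, not the handle it points to. As a result `ctx->established` is read from the caller's handle variable rather than from the context record that `kg_validate_ctx_id(*context_handle)` just validated. The assignment should dereference first: `ctx = (krb5_gss_ctx_id_rec *) *context_handle;`. The commit only changes whitespace on this line, so the defect predates it, but the established-context check is ineffective as written and is worth fixing while the line is being touched.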
@@ -511,53 +511,53 @@ static struct {
     OM_uint32 (*func)(OM_uint32 *, gss_cred_id_t, const gss_OID, const gss_buffer_t);
 } krb5_gssspi_set_cred_option_ops[] = {
     {
-       {GSS_KRB5_COPY_CCACHE_OID_LENGTH, GSS_KRB5_COPY_CCACHE_OID},
-       gss_krb5int_copy_ccache
+        {GSS_KRB5_COPY_CCACHE_OID_LENGTH, GSS_KRB5_COPY_CCACHE_OID},
+        gss_krb5int_copy_ccache
     },
     {
-       {GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID_LENGTH, GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID},
-       gss_krb5int_set_allowable_enctypes
+        {GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID_LENGTH, GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID},
+        gss_krb5int_set_allowable_enctypes
     },
     {
-       {GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH, GSS_KRB5_SET_CRED_RCACHE_OID},
-       gss_krb5int_set_cred_rcache
+        {GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH, GSS_KRB5_SET_CRED_RCACHE_OID},
+        gss_krb5int_set_cred_rcache
     }
 };
 
 static OM_uint32
 krb5_gssspi_set_cred_option(OM_uint32 *minor_status,
-                           gss_cred_id_t cred_handle,
-                           const gss_OID desired_object,
-                           const gss_buffer_t value)
+                            gss_cred_id_t cred_handle,
+                            const gss_OID desired_object,
+                            const gss_buffer_t value)
 {
     OM_uint32 major_status = GSS_S_FAILURE;
     size_t i;
 
     if (minor_status == NULL)
-       return GSS_S_CALL_INACCESSIBLE_WRITE;
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
 
     *minor_status = 0;
 
     if (cred_handle == GSS_C_NO_CREDENTIAL) {
-       *minor_status = (OM_uint32)KRB5_NOCREDS_SUPPLIED;
-       return GSS_S_NO_CRED;
+        *minor_status = (OM_uint32)KRB5_NOCREDS_SUPPLIED;
+        return GSS_S_NO_CRED;
     }
 
     if (desired_object == GSS_C_NO_OID)
-       return GSS_S_CALL_INACCESSIBLE_READ;
+        return GSS_S_CALL_INACCESSIBLE_READ;
 
     major_status = krb5_gss_validate_cred(minor_status, cred_handle);
     if (GSS_ERROR(major_status))
-       return major_status;
+        return major_status;
 
     for (i = 0; i < sizeof(krb5_gssspi_set_cred_option_ops)/
-                   sizeof(krb5_gssspi_set_cred_option_ops[0]); i++) {
-       if (g_OID_prefix_equal(desired_object, &krb5_gssspi_set_cred_option_ops[i].oid)) {
-           return (*krb5_gssspi_set_cred_option_ops[i].func)(minor_status,
-                                                             cred_handle,
-                                                             desired_object,
-                                                             value);
-       }
+                    sizeof(krb5_gssspi_set_cred_option_ops[0]); i++) {
+        if (g_OID_prefix_equal(desired_object, &krb5_gssspi_set_cred_option_ops[i].oid)) {
+            return (*krb5_gssspi_set_cred_option_ops[i].func)(minor_status,
+                                                              cred_handle,
+                                                              desired_object,
+                                                              value);
+        }
     }
 
     *minor_status = EINVAL;
@@ -573,50 +573,50 @@ static struct {
     OM_uint32 (*func)(OM_uint32 *, const gss_OID, const gss_OID, gss_buffer_t);
 } krb5_gssspi_mech_invoke_ops[] = {
     {
-       {GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH, GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID},
-       gss_krb5int_register_acceptor_identity
+        {GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH, GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID},
+        gss_krb5int_register_acceptor_identity
     },
     {
-       {GSS_KRB5_CCACHE_NAME_OID_LENGTH, GSS_KRB5_CCACHE_NAME_OID},
-       gss_krb5int_ccache_name
+        {GSS_KRB5_CCACHE_NAME_OID_LENGTH, GSS_KRB5_CCACHE_NAME_OID},
+        gss_krb5int_ccache_name
     },
     {
-       {GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID},
-       gss_krb5int_free_lucid_sec_context
+        {GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID},
+        gss_krb5int_free_lucid_sec_context
     },
     {
-       {GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH, GSS_KRB5_USE_KDC_CONTEXT_OID},
-       krb5int_gss_use_kdc_context
+        {GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH, GSS_KRB5_USE_KDC_CONTEXT_OID},
+        krb5int_gss_use_kdc_context
     }
 };
 
 static OM_uint32
 krb5_gssspi_mech_invoke (OM_uint32 *minor_status,
-                        const gss_OID desired_mech,
-                        const gss_OID desired_object,
-                        gss_buffer_t value)
+                         const gss_OID desired_mech,
+                         const gss_OID desired_object,
+                         gss_buffer_t value)
 {
     size_t i;
 
     if (minor_status == NULL)
-       return GSS_S_CALL_INACCESSIBLE_WRITE;
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
 
     *minor_status = 0;
 
     if (desired_mech == GSS_C_NO_OID)
-       return GSS_S_BAD_MECH;
+        return GSS_S_BAD_MECH;
 
     if (desired_object == GSS_C_NO_OID)
-       return GSS_S_CALL_INACCESSIBLE_READ;
+        return GSS_S_CALL_INACCESSIBLE_READ;
 
     for (i = 0; i < sizeof(krb5_gssspi_mech_invoke_ops)/
-                   sizeof(krb5_gssspi_mech_invoke_ops[0]); i++) {
-       if (g_OID_prefix_equal(desired_object, &krb5_gssspi_mech_invoke_ops[i].oid)) {
-           return (*krb5_gssspi_mech_invoke_ops[i].func)(minor_status,
-                                                         desired_mech,
-                                                         desired_object,
-                                                         value);
-       }
+                    sizeof(krb5_gssspi_mech_invoke_ops[0]); i++) {
+        if (g_OID_prefix_equal(desired_object, &krb5_gssspi_mech_invoke_ops[i].oid)) {
+            return (*krb5_gssspi_mech_invoke_ops[i].func)(minor_status,
+                                                          desired_mech,
+                                                          desired_object,
+                                                          value);
+        }
     }
 
     *minor_status = EINVAL;
@@ -626,7 +626,7 @@ krb5_gssspi_mech_invoke (OM_uint32 *minor_status,
 
 static struct gss_config krb5_mechanism = {
     { GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID },
-    NULL,                                               
+    NULL,
     krb5_gss_acquire_cred,
     krb5_gss_release_cred,
     krb5_gss_init_sec_context,
@@ -674,12 +674,12 @@ static struct gss_config krb5_mechanism = {
     krb5_gss_set_sec_context_option,
     krb5_gssspi_set_cred_option,
     krb5_gssspi_mech_invoke,
-    NULL,               /* wrap_aead */        
-    NULL,               /* unwrap_aead */      
+    NULL,                /* wrap_aead */
+    NULL,                /* unwrap_aead */
     krb5_gss_wrap_iov,
     krb5_gss_unwrap_iov,
     krb5_gss_wrap_iov_length,
-    NULL,              /* complete_auth_token */
+    NULL,               /* complete_auth_token */
 };
 
 
@@ -748,12 +748,12 @@ int gss_krb5int_lib_init(void)
         return err;
     err = k5_mutex_finish_init(&kg_vdb.mutex);
     if (err)
-       return err;
+        return err;
 #endif
 #ifdef _GSS_STATIC_LINK
     err = gss_krb5mechglue_init();
     if (err)
-       return err;
+        return err;
 #endif
 
     return 0;
@@ -797,4 +797,3 @@ OM_uint32 gss_krb5int_initialize_library (void)
     return CALL_INIT_FUNCTION(gss_krb5int_lib_init);
 #endif
 }
-
index bf74fe9d042a6477c90d8325713b890be02caf9f..783387a525aaa951d72b31a8a7bf838489df838d 100644 (file)
@@ -269,14 +269,14 @@ gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status,
 
 OM_uint32 KRB5_CALLCONV
 gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
-                                           const gss_ctx_id_t context_handle,
-                                           int ad_type,
-                                           gss_buffer_t ad_data);
+                                            const gss_ctx_id_t context_handle,
+                                            int ad_type,
+                                            gss_buffer_t ad_data);
 
 OM_uint32 KRB5_CALLCONV
 gss_krb5_set_cred_rcache(OM_uint32 *minor_status,
-                        gss_cred_id_t cred,
-                        krb5_rcache rcache);
+                         gss_cred_id_t cred,
+                         krb5_rcache rcache);
 
 OM_uint32 KRB5_CALLCONV
 gsskrb5_extract_authtime_from_sec_context(OM_uint32 *, gss_ctx_id_t, krb5_timestamp *);
index 8744590e1c6a04f8d117ffc293f93339a29bc473..e7742216eb1d817c0a298230589019410098e354 100644 (file)
@@ -341,35 +341,35 @@ make_ap_req_v1(context, ctx, cred, k_cred, chan_bindings, mech_type, token)
 
     /* build up the token */
     if (ctx->gss_flags & GSS_C_DCE_STYLE) {
-       /*
-        * For DCE RPC, do not encapsulate the AP-REQ in the
-        * typical GSS wrapping.
-        */
-       token->length = ap_req.length;
-       token->value = ap_req.data;
-
-       ap_req.data = NULL; /* don't double free */
+        /*
+         * For DCE RPC, do not encapsulate the AP-REQ in the
+         * typical GSS wrapping.
+         */
+        token->length = ap_req.length;
+        token->value = ap_req.data;
+
+        ap_req.data = NULL; /* don't double free */
     } else {
-       /* allocate space for the token */
-       tlen = g_token_size((gss_OID) mech_type, ap_req.length);
+        /* allocate space for the token */
+        tlen = g_token_size((gss_OID) mech_type, ap_req.length);
 
-       if ((t = (unsigned char *) xmalloc(tlen)) == NULL) {
-           code = ENOMEM;
-           goto cleanup;
-       }
+        if ((t = (unsigned char *) xmalloc(tlen)) == NULL) {
+            code = ENOMEM;
+            goto cleanup;
+        }
 
-       /* fill in the buffer */
-       ptr = t;
+        /* fill in the buffer */
+        ptr = t;
 
-       g_make_token_header(mech_type, ap_req.length,
-                           &ptr, KG_TOK_CTX_AP_REQ);
+        g_make_token_header(mech_type, ap_req.length,
+                            &ptr, KG_TOK_CTX_AP_REQ);
 
-       TWRITE_STR(ptr, (unsigned char *) ap_req.data, ap_req.length);
+        TWRITE_STR(ptr, (unsigned char *) ap_req.data, ap_req.length);
 
-       /* pass it back */
+        /* pass it back */
 
-       token->length = tlen;
-       token->value = (void *) t;
+        token->length = tlen;
+        token->value = (void *) t;
     }
 
     code = 0;
@@ -462,14 +462,14 @@ new_connection(
                       GSS_C_TRANS_FLAG |
                       ((req_flags) & (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
                                       GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG |
-                                     GSS_C_DCE_STYLE | GSS_C_IDENTIFY_FLAG |
-                                     GSS_C_EXTENDED_ERROR_FLAG)));
+                                      GSS_C_DCE_STYLE | GSS_C_IDENTIFY_FLAG |
+                                      GSS_C_EXTENDED_ERROR_FLAG)));
     ctx->seed_init = 0;
     ctx->big_endian = 0;  /* all initiators do little-endian, as per spec */
     ctx->seqstate = 0;
 
     if (req_flags & GSS_C_DCE_STYLE)
-       ctx->gss_flags |= GSS_C_MUTUAL_FLAG;
+        ctx->gss_flags |= GSS_C_MUTUAL_FLAG;
 
     if ((code = krb5_timeofday(context, &now)))
         goto fail;
@@ -528,16 +528,14 @@ new_connection(
                                     &ctx->subkey);
     }
 
-    if (k_cred) {
-        krb5_free_creds(context, k_cred);
-        k_cred = NULL;
-    }
+    krb5_free_creds(context, k_cred);
+    k_cred = NULL;
     ctx->enc = NULL;
     ctx->seq = NULL;
     ctx->have_acceptor_subkey = 0;
     code = kg_setup_keys(context, ctx, ctx->subkey, &ctx->cksumtype);
     if (code != 0)
-       goto fail;
+        goto fail;
 
     /* at this point, the context is constructed and valid,
        hence, releaseable */
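Review bot: The now-unconditional `krb5_free_creds(context, k_cred);` is safe only if krb5_free_creds() tolerates a NULL argument, and nothing in this hunk shows that it does. The removed `if (k_cred)` guard suggests k_cred can be NULL at this point in new_connection, whose body starts and ends outside the hunk. If the callee is NULL-safe, a short comment such as `/* krb5_free_creds() is a no-op on NULL */` would record the dependency. Otherwise the guard should stay. Keeping `k_cred = NULL;` right after the free is good, since it presumably stops the `fail` path from releasing the credentials a second time.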
@@ -679,9 +677,9 @@ mutual_auth(
     ptr = (unsigned char *) input_token->value;
 
     if (ctx->gss_flags & GSS_C_DCE_STYLE) {
-       /* Raw AP-REP */
-       ap_rep.length = input_token->length;
-       ap_rep.data = (char *)input_token->value;
+        /* Raw AP-REP */
+        ap_rep.length = input_token->length;
+        ap_rep.data = (char *)input_token->value;
     } else if (g_verify_token_header(ctx->mech_used,
                               &(ap_rep.length),
                               &ptr, KG_TOK_CTX_AP_REP,
@@ -735,35 +733,35 @@ mutual_auth(
                  (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) !=0, ctx->proto);
 
     if (ap_rep_data->subkey != NULL &&
-       (ctx->proto == 1 || (ctx->gss_flags & GSS_C_DCE_STYLE) ||
-        ap_rep_data->subkey->enctype != ctx->subkey->enctype)) {
+        (ctx->proto == 1 || (ctx->gss_flags & GSS_C_DCE_STYLE) ||
+         ap_rep_data->subkey->enctype != ctx->subkey->enctype)) {
         /* Keep acceptor's subkey.  */
         ctx->have_acceptor_subkey = 1;
         code = krb5_copy_keyblock(context, ap_rep_data->subkey,
                                   &ctx->acceptor_subkey);
         if (code) {
-           krb5_free_ap_rep_enc_part(context, ap_rep_data);
+            krb5_free_ap_rep_enc_part(context, ap_rep_data);
             goto fail;
-       }
-       code = kg_setup_keys(context, ctx, ctx->acceptor_subkey,
-                            &ctx->acceptor_subkey_cksumtype);
-       if (code) {
-           krb5_free_ap_rep_enc_part(context, ap_rep_data);
-           goto fail;
-       }
+        }
+        code = kg_setup_keys(context, ctx, ctx->acceptor_subkey,
+                             &ctx->acceptor_subkey_cksumtype);
+        if (code) {
+            krb5_free_ap_rep_enc_part(context, ap_rep_data);
+            goto fail;
+        }
     }
     /* free the ap_rep_data */
     krb5_free_ap_rep_enc_part(context, ap_rep_data);
 
     if (ctx->gss_flags & GSS_C_DCE_STYLE) {
-       krb5_data outbuf;
+        krb5_data outbuf;
 
-       code = krb5_mk_rep_dce(context, ctx->auth_context, &outbuf);
-       if (code)
-           goto fail;
+        code = krb5_mk_rep_dce(context, ctx->auth_context, &outbuf);
+        if (code)
+            goto fail;
 
-       output_token->value = outbuf.data;
-       output_token->length = outbuf.length;
+        output_token->value = outbuf.data;
+        output_token->length = outbuf.length;
     }
 
     /* set established */
@@ -988,9 +986,9 @@ krb5_gss_init_context (krb5_context *ctxp)
 #ifndef _WIN32
 OM_uint32
 krb5int_gss_use_kdc_context(OM_uint32 *minor_status,
-                           const gss_OID desired_mech,
-                           const gss_OID desired_object,
-                           gss_buffer_t value)
+                            const gss_OID desired_mech,
+                            const gss_OID desired_object,
+                            gss_buffer_t value)
 {
     OM_uint32 err;
 
@@ -1001,7 +999,7 @@ krb5int_gss_use_kdc_context(OM_uint32 *minor_status,
         return err;
     *minor_status = k5_mutex_lock(&kg_kdc_flag_mutex);
     if (*minor_status) {
-       return GSS_S_FAILURE;
+        return GSS_S_FAILURE;
     }
     kdc_flag = 1;
     k5_mutex_unlock(&kg_kdc_flag_mutex);
index ed46d9d51af956db37597b34a1494a65a60c7613..f3e44cdf56b77397784fb528864ea989acbbf4be 100644 (file)
@@ -211,33 +211,33 @@ gss_krb5int_inq_session_key(
 
     major_status = generic_gss_add_buffer_set_member(minor_status, &keyvalue, data_set);
     if (GSS_ERROR(major_status))
-       goto cleanup;
+        goto cleanup;
 
     oid.elements = oid_buf;
     oid.length = sizeof(oid_buf);
 
     major_status = generic_gss_oid_compose(minor_status,
-                                          GSS_KRB5_SESSION_KEY_ENCTYPE_OID,
-                                          GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH,
-                                          key->enctype,
-                                          &oid);
+                                           GSS_KRB5_SESSION_KEY_ENCTYPE_OID,
+                                           GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH,
+                                           key->enctype,
+                                           &oid);
     if (GSS_ERROR(major_status))
-       goto cleanup;
+        goto cleanup;
 
     keyinfo.value = oid.elements;
     keyinfo.length = oid.length;
 
     major_status = generic_gss_add_buffer_set_member(minor_status, &keyinfo, data_set);
     if (GSS_ERROR(major_status))
-       goto cleanup;
+        goto cleanup;
 
     return GSS_S_COMPLETE;
 
 cleanup:
     if (*data_set != GSS_C_NO_BUFFER_SET) {
-       if ((*data_set)->count != 0)
-           memset((*data_set)->elements[0].value, 0, (*data_set)->elements[0].length);
-       gss_release_buffer_set(&minor, data_set);
+        if ((*data_set)->count != 0)
+            memset((*data_set)->elements[0].value, 0, (*data_set)->elements[0].length);
+        gss_release_buffer_set(&minor, data_set);
     }
 
     return major_status;
@@ -260,35 +260,35 @@ gss_krb5int_extract_authz_data_from_sec_context(
     ctx = (krb5_gss_ctx_id_rec *) context_handle;
 
     major_status = generic_gss_oid_decompose(minor_status,
-                                            GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID,
-                                            GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH,
-                                            desired_object,
-                                            &ad_type);
+                                             GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID,
+                                             GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH,
+                                             desired_object,
+                                             &ad_type);
     if (major_status != GSS_S_COMPLETE || ad_type == 0) {
-       *minor_status = ENOENT;
-       return GSS_S_FAILURE;
+        *minor_status = ENOENT;
+        return GSS_S_FAILURE;
     }
 
     if (ctx->authdata != NULL) {
-       for (i = 0; ctx->authdata[i] != NULL; i++) {
-           if (ctx->authdata[i]->ad_type == ad_type) {
-               gss_buffer_desc ad_data;
-
-               ad_data.length = ctx->authdata[i]->length;
-               ad_data.value = ctx->authdata[i]->contents;
-
-               major_status = generic_gss_add_buffer_set_member(minor_status,
-                                                                &ad_data, data_set);
-               if (GSS_ERROR(major_status))
-                   break;
-           }
-       }
+        for (i = 0; ctx->authdata[i] != NULL; i++) {
+            if (ctx->authdata[i]->ad_type == ad_type) {
+                gss_buffer_desc ad_data;
+
+                ad_data.length = ctx->authdata[i]->length;
+                ad_data.value = ctx->authdata[i]->contents;
+
+                major_status = generic_gss_add_buffer_set_member(minor_status,
+                                                                 &ad_data, data_set);
+                if (GSS_ERROR(major_status))
+                    break;
+            }
+        }
     }
 
     if (GSS_ERROR(major_status)) {
-       OM_uint32 tmp;
+        OM_uint32 tmp;
 
-       generic_gss_release_buffer_set(&tmp, data_set);
+        generic_gss_release_buffer_set(&tmp, data_set);
     }
 
     return major_status;
@@ -296,7 +296,7 @@ gss_krb5int_extract_authz_data_from_sec_context(
 
 OM_uint32
 gss_krb5int_extract_authtime_from_sec_context(OM_uint32 *minor_status,
-                                             const gss_ctx_id_t context_handle,
+                                              const gss_ctx_id_t context_handle,
                                               const gss_OID desired_oid,
                                               gss_buffer_set_t *data_set)
 {
index dd3603b2692097b17f958ad76a22d288db806ef1..aba8d81d6b98b4c6f6596019f847110153873b5e 100644 (file)
@@ -247,7 +247,7 @@ make_seal_token_v1 (krb5_context context,
     /* create the seq_num */
 
     if ((code = kg_make_seq_num(context, seq, direction?0:0xff,
-                               (krb5_ui_4)*seqnum, ptr+14, ptr+6))) {
+                                (krb5_ui_4)*seqnum, ptr+14, ptr+6))) {
         xfree (plain);
         xfree(t);
         return(code);
index a0808addb07d2f606d806c5ebcbac730c1afa022..1d0c57300d12aa056ba3800bb288d7cf8100de0a 100644 (file)
  */
 
 #include <assert.h>
-#include "k5-platform.h"       /* for 64-bit support */
-#include "k5-int.h"         /* for zap() */
+#include "k5-platform.h"        /* for 64-bit support */
+#include "k5-int.h"          /* for zap() */
 #include "gssapiP_krb5.h"
 #include <stdarg.h>
 
 static krb5_error_code
 make_seal_token_v1_iov(krb5_context context,
-                      krb5_gss_ctx_id_rec *ctx,
-                      int conf_req_flag,
-                      int *conf_state,
-                      gss_iov_buffer_desc *iov,
-                      int iov_count,
-                      int toktype)
+                       krb5_gss_ctx_id_rec *ctx,
+                       int conf_req_flag,
+                       int *conf_state,
+                       gss_iov_buffer_desc *iov,
+                       int iov_count,
+                       int toktype)
 {
     krb5_error_code code = 0;
     gss_iov_buffer_t header;
@@ -61,58 +61,58 @@ make_seal_token_v1_iov(krb5_context context,
 
     header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
     if (header == NULL)
-       return EINVAL;
+        return EINVAL;
 
     padding = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
     if (padding == NULL && (ctx->gss_flags & GSS_C_DCE_STYLE) == 0)
-       return EINVAL;
+        return EINVAL;
 
     trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
     if (trailer != NULL)
-       trailer->buffer.length = 0;
+        trailer->buffer.length = 0;
 
     /* Determine confounder length */
     if (toktype == KG_TOK_WRAP_MSG || conf_req_flag)
-       k5_headerlen = kg_confounder_size(context, ctx->enc);
+        k5_headerlen = kg_confounder_size(context, ctx->enc);
 
     /* Check padding length */
     if (toktype == KG_TOK_WRAP_MSG) {
-       size_t k5_padlen = (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) ? 1 : 8;
-       size_t gss_padlen;
-       size_t conf_data_length;
-
-       kg_iov_msglen(iov, iov_count, &data_length, &assoc_data_length);
-       conf_data_length = k5_headerlen + data_length - assoc_data_length;
-
-       if (k5_padlen == 1)
-           gss_padlen = 1; /* one byte to indicate one byte of padding */
-       else
-           gss_padlen = k5_padlen - (conf_data_length % k5_padlen);
-
-       if (ctx->gss_flags & GSS_C_DCE_STYLE) {
-           /* DCE will pad the actual data itself; padding buffer optional and will be zeroed */
-           gss_padlen = 0;
-
-           if (conf_data_length % k5_padlen)
-               code = KRB5_BAD_MSIZE;
-       } else if (padding->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) {
-           code = kg_allocate_iov(padding, gss_padlen);
-       } else if (padding->buffer.length < gss_padlen) {
-           code = KRB5_BAD_MSIZE;
-       }
-       if (code != 0)
-           goto cleanup;
-
-       /* Initialize padding buffer to pad itself */
-       if (padding != NULL) {
-           padding->buffer.length = gss_padlen;
-           memset(padding->buffer.value, (int)gss_padlen, gss_padlen);
-       }
-
-       if (ctx->gss_flags & GSS_C_DCE_STYLE)
-           tmsglen = k5_headerlen; /* confounder length */
-       else
-           tmsglen = conf_data_length + padding->buffer.length;
+        size_t k5_padlen = (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) ? 1 : 8;
+        size_t gss_padlen;
+        size_t conf_data_length;
+
+        kg_iov_msglen(iov, iov_count, &data_length, &assoc_data_length);
+        conf_data_length = k5_headerlen + data_length - assoc_data_length;
+
+        if (k5_padlen == 1)
+            gss_padlen = 1; /* one byte to indicate one byte of padding */
+        else
+            gss_padlen = k5_padlen - (conf_data_length % k5_padlen);
+
+        if (ctx->gss_flags & GSS_C_DCE_STYLE) {
+            /* DCE will pad the actual data itself; padding buffer optional and will be zeroed */
+            gss_padlen = 0;
+
+            if (conf_data_length % k5_padlen)
+                code = KRB5_BAD_MSIZE;
+        } else if (padding->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) {
+            code = kg_allocate_iov(padding, gss_padlen);
+        } else if (padding->buffer.length < gss_padlen) {
+            code = KRB5_BAD_MSIZE;
+        }
+        if (code != 0)
+            goto cleanup;
+
+        /* Initialize padding buffer to pad itself */
+        if (padding != NULL) {
+            padding->buffer.length = gss_padlen;
+            memset(padding->buffer.value, (int)gss_padlen, gss_padlen);
+        }
+
+        if (ctx->gss_flags & GSS_C_DCE_STYLE)
+            tmsglen = k5_headerlen; /* confounder length */
+        else
+            tmsglen = conf_data_length + padding->buffer.length;
     }
 
     /* Determine token size */
@@ -121,11 +121,11 @@ make_seal_token_v1_iov(krb5_context context,
     k5_headerlen += tlen - tmsglen;
 
     if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
-       code = kg_allocate_iov(header, k5_headerlen);
+        code = kg_allocate_iov(header, k5_headerlen);
     else if (header->buffer.length < k5_headerlen)
-       code = KRB5_BAD_MSIZE;
+        code = KRB5_BAD_MSIZE;
     if (code != 0)
-       goto cleanup;
+        goto cleanup;
 
     header->buffer.length = k5_headerlen;
 
@@ -138,12 +138,12 @@ make_seal_token_v1_iov(krb5_context context,
 
     /* 2..3 SEAL_ALG or Filler */
     if (toktype == KG_TOK_WRAP_MSG && conf_req_flag) {
-       ptr[2] = (ctx->sealalg     ) & 0xFF;
-       ptr[3] = (ctx->sealalg >> 8) & 0xFF;
+        ptr[2] = (ctx->sealalg     ) & 0xFF;
+        ptr[3] = (ctx->sealalg >> 8) & 0xFF;
     } else {
-       /* No seal */
-       ptr[2] = 0xFF;
-       ptr[3] = 0xFF;
+        /* No seal */
+        ptr[2] = 0xFF;
+        ptr[3] = 0xFF;
     }
 
     /* 4..5 Filler */
@@ -156,103 +156,103 @@ make_seal_token_v1_iov(krb5_context context,
     switch (ctx->signalg) {
     case SGN_ALG_DES_MAC_MD5:
     case SGN_ALG_MD2_5:
-       md5cksum.checksum_type = CKSUMTYPE_RSA_MD5;
-       break;
+        md5cksum.checksum_type = CKSUMTYPE_RSA_MD5;
+        break;
     case SGN_ALG_HMAC_SHA1_DES3_KD:
-       md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3;
-       break;
+        md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3;
+        break;
     case SGN_ALG_HMAC_MD5:
-       md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR;
-       if (toktype != KG_TOK_WRAP_MSG)
-           sign_usage = 15;
-       break;
+        md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR;
+        if (toktype != KG_TOK_WRAP_MSG)
+            sign_usage = 15;
+        break;
     default:
     case SGN_ALG_DES_MAC:
-       abort ();
+        abort ();
     }
 
     code = krb5_c_checksum_length(context, md5cksum.checksum_type, &k5_trailerlen);
     if (code != 0)
-       goto cleanup;
+        goto cleanup;
     md5cksum.length = k5_trailerlen;
 
     if (k5_headerlen != 0) {
-       code = kg_make_confounder(context, ctx->enc, ptr + 14 + ctx->cksum_size);
-       if (code != 0)
-           goto cleanup;
+        code = kg_make_confounder(context, ctx->enc, ptr + 14 + ctx->cksum_size);
+        if (code != 0)
+            goto cleanup;
     }
 
     /* compute the checksum */
     code = kg_make_checksum_iov_v1(context, md5cksum.checksum_type,
-                                  ctx->cksum_size, ctx->seq, ctx->enc,
-                                  sign_usage, iov, iov_count, toktype,
-                                  &md5cksum);
+                                   ctx->cksum_size, ctx->seq, ctx->enc,
+                                   sign_usage, iov, iov_count, toktype,
+                                   &md5cksum);
     if (code != 0)
-       goto cleanup;
+        goto cleanup;
 
     switch (ctx->signalg) {
     case SGN_ALG_DES_MAC_MD5:
     case SGN_ALG_3:
-       code = kg_encrypt(context, ctx->seq, KG_USAGE_SEAL,
-                         (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ?
-                          ctx->seq->contents : NULL),
-                         md5cksum.contents, md5cksum.contents, 16);
-       if (code != 0)
-           goto cleanup;
-
-       cksum.length = ctx->cksum_size;
-       cksum.contents = md5cksum.contents + 16 - cksum.length;
-
-       memcpy(ptr + 14, cksum.contents, cksum.length);
-       break;
+        code = kg_encrypt(context, ctx->seq, KG_USAGE_SEAL,
+                          (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ?
+                           ctx->seq->contents : NULL),
+                          md5cksum.contents, md5cksum.contents, 16);
+        if (code != 0)
+            goto cleanup;
+
+        cksum.length = ctx->cksum_size;
+        cksum.contents = md5cksum.contents + 16 - cksum.length;
+
+        memcpy(ptr + 14, cksum.contents, cksum.length);
+        break;
     case SGN_ALG_HMAC_SHA1_DES3_KD:
-       assert(md5cksum.length == ctx->cksum_size);
-       memcpy(ptr + 14, md5cksum.contents, md5cksum.length);
-       break;
+        assert(md5cksum.length == ctx->cksum_size);
+        memcpy(ptr + 14, md5cksum.contents, md5cksum.length);
+        break;
     case SGN_ALG_HMAC_MD5:
-       memcpy(ptr + 14, md5cksum.contents, ctx->cksum_size);
-       break;
+        memcpy(ptr + 14, md5cksum.contents, ctx->cksum_size);
+        break;
     }
 
     /* create the seq_num */
     code = kg_make_seq_num(context, ctx->seq, ctx->initiate ? 0 : 0xFF,
-                          (OM_uint32)ctx->seq_send, ptr + 14, ptr + 6);
+                           (OM_uint32)ctx->seq_send, ptr + 14, ptr + 6);
     if (code != 0)
-       goto cleanup;
+        goto cleanup;
 
     if (conf_req_flag) {
-       if (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) {
-           unsigned char bigend_seqnum[4];
-           krb5_keyblock *enc_key;
-           size_t i;
-
-           bigend_seqnum[0] = (ctx->seq_send >> 24) & 0xFF;
-           bigend_seqnum[1] = (ctx->seq_send >> 16) & 0xFF;
-           bigend_seqnum[2] = (ctx->seq_send >> 8 ) & 0xFF;
-           bigend_seqnum[3] = (ctx->seq_send      ) & 0xFF;
-
-           code = krb5_copy_keyblock(context, ctx->enc, &enc_key);
-           if (code != 0)
-               goto cleanup;
-
-           assert(enc_key->length == 16);
-
-           for (i = 0; i < enc_key->length; i++)
-               ((char *)enc_key->contents)[i] ^= 0xF0;
-
-           code = kg_arcfour_docrypt_iov(context, enc_key, 0,
-                                         bigend_seqnum, 4,
-                                         iov, iov_count);
-           krb5_free_keyblock(context, enc_key);
-       } else {
-           code = kg_encrypt_iov(context, ctx->proto,
-                                 ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0),
-                                 0 /*EC*/, 0 /*RRC*/,
-                                 ctx->enc, KG_USAGE_SEAL, NULL,
-                                 iov, iov_count);
-       }
-       if (code != 0)
-           goto cleanup;
+        if (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) {
+            unsigned char bigend_seqnum[4];
+            krb5_keyblock *enc_key;
+            size_t i;
+
+            bigend_seqnum[0] = (ctx->seq_send >> 24) & 0xFF;
+            bigend_seqnum[1] = (ctx->seq_send >> 16) & 0xFF;
+            bigend_seqnum[2] = (ctx->seq_send >> 8 ) & 0xFF;
+            bigend_seqnum[3] = (ctx->seq_send      ) & 0xFF;
+
+            code = krb5_copy_keyblock(context, ctx->enc, &enc_key);
+            if (code != 0)
+                goto cleanup;
+
+            assert(enc_key->length == 16);
+
+            for (i = 0; i < enc_key->length; i++)
+                ((char *)enc_key->contents)[i] ^= 0xF0;
+
+            code = kg_arcfour_docrypt_iov(context, enc_key, 0,
+                                          bigend_seqnum, 4,
+                                          iov, iov_count);
+            krb5_free_keyblock(context, enc_key);
+        } else {
+            code = kg_encrypt_iov(context, ctx->proto,
+                                  ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0),
+                                  0 /*EC*/, 0 /*RRC*/,
+                                  ctx->enc, KG_USAGE_SEAL, NULL,
+                                  iov, iov_count);
+        }
+        if (code != 0)
+            goto cleanup;
     }
 
     ctx->seq_send++;
@@ -261,11 +261,11 @@ make_seal_token_v1_iov(krb5_context context,
     code = 0;
 
     if (conf_state != NULL)
-       *conf_state = conf_req_flag;
+        *conf_state = conf_req_flag;
 
 cleanup:
     if (code != 0)
-       kg_release_iov(iov, iov_count);
+        kg_release_iov(iov, iov_count);
     krb5_free_checksum_contents(context, &md5cksum);
 
     return code;
@@ -273,13 +273,13 @@ cleanup:
 
 OM_uint32
 kg_seal_iov(OM_uint32 *minor_status,
-           gss_ctx_id_t context_handle,
-           int conf_req_flag,
-           gss_qop_t qop_req,
-           int *conf_state,
-           gss_iov_buffer_desc *iov,
-           int iov_count,
-           int toktype)
+            gss_ctx_id_t context_handle,
+            int conf_req_flag,
+            gss_qop_t qop_req,
+            int *conf_state,
+            gss_iov_buffer_desc *iov,
+            int iov_count,
+            int toktype)
 {
     krb5_gss_ctx_id_rec *ctx;
     krb5_error_code code;
@@ -287,52 +287,52 @@ kg_seal_iov(OM_uint32 *minor_status,
     krb5_context context;
 
     if (qop_req != 0) {
-       *minor_status = (OM_uint32)G_UNKNOWN_QOP;
-       return GSS_S_FAILURE;
+        *minor_status = (OM_uint32)G_UNKNOWN_QOP;
+        return GSS_S_FAILURE;
     }
 
     if (!kg_validate_ctx_id(context_handle)) {
-       *minor_status = (OM_uint32)G_VALIDATE_FAILED;
-       return GSS_S_NO_CONTEXT;
+        *minor_status = (OM_uint32)G_VALIDATE_FAILED;
+        return GSS_S_NO_CONTEXT;
     }
 
     ctx = (krb5_gss_ctx_id_rec *)context_handle;
     if (!ctx->established) {
-       *minor_status = KG_CTX_INCOMPLETE;
-       return GSS_S_NO_CONTEXT;
+        *minor_status = KG_CTX_INCOMPLETE;
+        return GSS_S_NO_CONTEXT;
     }
 
     context = ctx->k5_context;
     code = krb5_timeofday(context, &now);
     if (code != 0) {
-       *minor_status = code;
-       save_error_info(*minor_status, context);
-       return GSS_S_FAILURE;
+        *minor_status = code;
+        save_error_info(*minor_status, context);
+        return GSS_S_FAILURE;
     }
 
     if (conf_req_flag && kg_integ_only_iov(iov, iov_count)) {
-       /* may be more sensible to return an error here */
-       conf_req_flag = FALSE;
+        /* may be more sensible to return an error here */
+        conf_req_flag = FALSE;
     }
 
     switch (ctx->proto) {
     case 0:
-       code = make_seal_token_v1_iov(context, ctx, conf_req_flag,
-                                     conf_state, iov, iov_count, toktype);
-       break;
+        code = make_seal_token_v1_iov(context, ctx, conf_req_flag,
+                                      conf_state, iov, iov_count, toktype);
+        break;
     case 1:
-       code = gss_krb5int_make_seal_token_v3_iov(context, ctx, conf_req_flag,
-                                                 conf_state, iov, iov_count, toktype);
-       break;
+        code = gss_krb5int_make_seal_token_v3_iov(context, ctx, conf_req_flag,
+                                                  conf_state, iov, iov_count, toktype);
+        break;
     default:
-       code = G_UNKNOWN_QOP;
-       break;
+        code = G_UNKNOWN_QOP;
+        break;
     }
 
     if (code != 0) {
-       *minor_status = code;
-       save_error_info(*minor_status, context);
-       return GSS_S_FAILURE;
+        *minor_status = code;
+        save_error_info(*minor_status, context);
+        return GSS_S_FAILURE;
     }
 
     *minor_status = 0;
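Review bot: The `conf_req_flag = FALSE;` downgrade under `kg_integ_only_iov(iov, iov_count)` is silent: the call can still succeed, and the only signal left to the caller is `*conf_state`, which make_seal_token_v1_iov above writes only when the pointer is non-NULL. The existing comment already doubts this behaviour, so I would at least state the contract next to it, e.g. `/* Requested confidentiality is dropped here; callers learn of it only through *conf_state. */`. What kg_integ_only_iov tests is not visible on this page, so whether returning an error instead would break existing callers needs checking. kg_seal_iov starts in the previous hunk and ends in the next one.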
@@ -340,18 +340,18 @@ kg_seal_iov(OM_uint32 *minor_status,
     return (ctx->krb_times.endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
 }
 
-#define INIT_IOV_DATA(_iov)    do { (_iov)->buffer.value = NULL; \
-                                    (_iov)->buffer.length = 0; } \
-                               while (0)
+#define INIT_IOV_DATA(_iov)     do { (_iov)->buffer.value = NULL; \
+                                     (_iov)->buffer.length = 0; } \
+                                while (0)
 
 OM_uint32
 kg_seal_iov_length(OM_uint32 *minor_status,
-                  gss_ctx_id_t context_handle,
-                  int conf_req_flag,
-                  gss_qop_t qop_req,
-                  int *conf_state,
-                  gss_iov_buffer_desc *iov,
-                  int iov_count)
+                   gss_ctx_id_t context_handle,
+                   int conf_req_flag,
+                   gss_qop_t qop_req,
+                   int *conf_state,
+                   gss_iov_buffer_desc *iov,
+                   int iov_count)
 {
     krb5_gss_ctx_id_rec *ctx;
     gss_iov_buffer_t header, trailer, padding;
@@ -363,31 +363,31 @@ kg_seal_iov_length(OM_uint32 *minor_status,
     int dce_style;
 
     if (qop_req != GSS_C_QOP_DEFAULT) {
-       *minor_status = (OM_uint32)G_UNKNOWN_QOP;
-       return GSS_S_FAILURE;
+        *minor_status = (OM_uint32)G_UNKNOWN_QOP;
+        return GSS_S_FAILURE;
     }
 
     if (!kg_validate_ctx_id(context_handle)) {
-       *minor_status = (OM_uint32)G_VALIDATE_FAILED;
-       return GSS_S_NO_CONTEXT;
+        *minor_status = (OM_uint32)G_VALIDATE_FAILED;
+        return GSS_S_NO_CONTEXT;
     }
 
     ctx = (krb5_gss_ctx_id_rec *)context_handle;
     if (!ctx->established) {
-       *minor_status = KG_CTX_INCOMPLETE;
-       return GSS_S_NO_CONTEXT;
+        *minor_status = KG_CTX_INCOMPLETE;
+        return GSS_S_NO_CONTEXT;
     }
 
     header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
     if (header == NULL) {
-       *minor_status = EINVAL;
-       return GSS_S_FAILURE;
+        *minor_status = EINVAL;
+        return GSS_S_FAILURE;
     }
     INIT_IOV_DATA(header);
 
     trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
     if (trailer != NULL) {
-       INIT_IOV_DATA(trailer);
+        INIT_IOV_DATA(trailer);
     }
 
     dce_style = ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0);
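Review bot: `*minor_status` is written without a NULL check on every early-return path in this hunk (`G_UNKNOWN_QOP`, `G_VALIDATE_FAILED`, `KG_CTX_INCOMPLETE`, `EINVAL`), while the success path later in kg_seal_iov_length guards the same pointer with `if (minor_status != NULL)`. One of the two is wrong: either the pointer may be NULL and the error paths dereference it, or it may not and the guard is dead code that misleads the next reader. Pick one contract and make the function uniform, for example by dropping the guard and documenting `/* minor_status must not be NULL */` at the top. The function starts in the previous hunk and continues in the next.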
@@ -395,123 +395,122 @@ kg_seal_iov_length(OM_uint32 *minor_status,
     /* For CFX, EC is used instead of padding, and is placed in header or trailer */
     padding = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
     if (padding == NULL) {
-       if (conf_req_flag && ctx->proto == 0 && !dce_style) {
-           *minor_status = EINVAL;
-           return GSS_S_FAILURE;
-       }
+        if (conf_req_flag && ctx->proto == 0 && !dce_style) {
+            *minor_status = EINVAL;
+            return GSS_S_FAILURE;
+        }
     } else {
-       INIT_IOV_DATA(padding);
+        INIT_IOV_DATA(padding);
     }
 
     kg_iov_msglen(iov, iov_count, &data_length, &assoc_data_length);
 
     if (conf_req_flag && kg_integ_only_iov(iov, iov_count))
-       conf_req_flag = FALSE;
+        conf_req_flag = FALSE;
 
     context = ctx->k5_context;
 
     gss_headerlen = gss_padlen = gss_trailerlen = 0;
 
     if (ctx->proto == 1) {
-       krb5_enctype enctype;
-       size_t ec;
-
-       if (ctx->have_acceptor_subkey)
-           enctype = ctx->acceptor_subkey->enctype;
-       else
-           enctype = ctx->subkey->enctype;
-
-       code = krb5_c_crypto_length(context, enctype,
-                                   conf_req_flag ?
-                                       KRB5_CRYPTO_TYPE_TRAILER : KRB5_CRYPTO_TYPE_CHECKSUM,
-                                   &k5_trailerlen);
-       if (code != 0) {
-           *minor_status = code;
-           return GSS_S_FAILURE;
-       }
-
-       if (conf_req_flag) {
-           code = krb5_c_crypto_length(context, enctype, KRB5_CRYPTO_TYPE_HEADER, &k5_headerlen);
-           if (code != 0) {
-               *minor_status = code;
-               return GSS_S_FAILURE;
-           }
-       }
-
-       gss_headerlen = 16; /* Header */
-       if (conf_req_flag) {
-           gss_headerlen += k5_headerlen; /* Kerb-Header */
-           gss_trailerlen = 16 /* E(Header) */ + k5_trailerlen; /* Kerb-Trailer */
-
-           code = krb5_c_padding_length(context, enctype,
-                                        data_length - assoc_data_length + 16 /* E(Header) */, &k5_padlen);
-           if (code != 0) {
-               *minor_status = code;
-               return GSS_S_FAILURE;
-           }
-        
-           if (k5_padlen == 0 && dce_style) {
-               /* Windows rejects AEAD tokens with non-zero EC */
-               code = krb5_c_block_size(context, enctype, &ec);
-               if (code != 0) {
-                   *minor_status = code;
-                   return GSS_S_FAILURE;
-               }
-           } else
-               ec = k5_padlen;
-
-           gss_trailerlen += ec;
-       } else {
-           gss_trailerlen = k5_trailerlen; /* Kerb-Checksum */
-       }
+        krb5_enctype enctype;
+        size_t ec;
+
+        if (ctx->have_acceptor_subkey)
+            enctype = ctx->acceptor_subkey->enctype;
+        else
+            enctype = ctx->subkey->enctype;
+
+        code = krb5_c_crypto_length(context, enctype,
+                                    conf_req_flag ?
+                                        KRB5_CRYPTO_TYPE_TRAILER : KRB5_CRYPTO_TYPE_CHECKSUM,
+                                    &k5_trailerlen);
+        if (code != 0) {
+            *minor_status = code;
+            return GSS_S_FAILURE;
+        }
+
+        if (conf_req_flag) {
+            code = krb5_c_crypto_length(context, enctype, KRB5_CRYPTO_TYPE_HEADER, &k5_headerlen);
+            if (code != 0) {
+                *minor_status = code;
+                return GSS_S_FAILURE;
+            }
+        }
+
+        gss_headerlen = 16; /* Header */
+        if (conf_req_flag) {
+            gss_headerlen += k5_headerlen; /* Kerb-Header */
+            gss_trailerlen = 16 /* E(Header) */ + k5_trailerlen; /* Kerb-Trailer */
+
+            code = krb5_c_padding_length(context, enctype,
+                                         data_length - assoc_data_length + 16 /* E(Header) */, &k5_padlen);
+            if (code != 0) {
+                *minor_status = code;
+                return GSS_S_FAILURE;
+            }
+
+            if (k5_padlen == 0 && dce_style) {
+                /* Windows rejects AEAD tokens with non-zero EC */
+                code = krb5_c_block_size(context, enctype, &ec);
+                if (code != 0) {
+                    *minor_status = code;
+                    return GSS_S_FAILURE;
+                }
+            } else
+                ec = k5_padlen;
+
+            gss_trailerlen += ec;
+        } else {
+            gss_trailerlen = k5_trailerlen; /* Kerb-Checksum */
+        }
     } else if (!dce_style) {
-       k5_padlen = (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) ? 1 : 8;
+        k5_padlen = (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) ? 1 : 8;
 
-       if (k5_padlen == 1)
-           gss_padlen = 1;
-       else
-           gss_padlen = k5_padlen - ((data_length - assoc_data_length) % k5_padlen);
+        if (k5_padlen == 1)
+            gss_padlen = 1;
+        else
+            gss_padlen = k5_padlen - ((data_length - assoc_data_length) % k5_padlen);
     }
 
     data_length += gss_padlen;
 
     if (ctx->proto == 0) {
-       /* Header | Checksum | Confounder | Data | Pad */
-       size_t data_size;
+        /* Header | Checksum | Confounder | Data | Pad */
+        size_t data_size;
 
-       k5_headerlen = kg_confounder_size(context, ctx->enc);
+        k5_headerlen = kg_confounder_size(context, ctx->enc);
 
-       data_size = 14 /* Header */ + ctx->cksum_size + k5_headerlen;
+        data_size = 14 /* Header */ + ctx->cksum_size + k5_headerlen;
 
-       if (!dce_style)
-           data_size += data_length;
+        if (!dce_style)
+            data_size += data_length;
 
-       gss_headerlen = g_token_size(ctx->mech_used, data_size);
+        gss_headerlen = g_token_size(ctx->mech_used, data_size);
 
-       /* g_token_size() will include data_size as well as the overhead, so
-        * subtract data_length just to get the overhead (ie. token size) */
-       if (!dce_style)
-           gss_headerlen -= data_length;
+        /* g_token_size() will include data_size as well as the overhead, so
+         * subtract data_length just to get the overhead (ie. token size) */
+        if (!dce_style)
+            gss_headerlen -= data_length;
     }
 
     if (minor_status != NULL)
-       *minor_status = 0;
+        *minor_status = 0;
 
     if (trailer == NULL)
-       gss_headerlen += gss_trailerlen;
+        gss_headerlen += gss_trailerlen;
     else
-       trailer->buffer.length = gss_trailerlen;
+        trailer->buffer.length = gss_trailerlen;
 
     assert(gss_padlen == 0 || padding != NULL);
 
     if (padding != NULL)
-       padding->buffer.length = gss_padlen;
+        padding->buffer.length = gss_padlen;
 
     header->buffer.length = gss_headerlen;
 
     if (conf_state != NULL)
-       *conf_state = conf_req_flag;
+        *conf_state = conf_req_flag;
 
     return GSS_S_COMPLETE;
 }
-
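Review bot: `assert(gss_padlen == 0 || padding != NULL);` looks reachable from caller-supplied input, as far as this hunk shows. With `ctx->proto == 0`, no DCE style, no PADDING buffer and `conf_req_flag` false, the early `padding == NULL` check does not return, and the `else if (!dce_style)` branch then sets `gss_padlen` to a value between 1 and 8. A debug build aborts the process, while a build with NDEBUG carries on after `data_length += gss_padlen` has already fed the pad into the g_token_size() computation with no buffer to hold it. I would replace the assert with an error return, `if (gss_padlen != 0 && padding == NULL) { *minor_status = EINVAL; return GSS_S_FAILURE; }`, or skip the pad computation for integrity-only requests, whichever the protocol intends. The function's declarations are in the previous hunk.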
index b12284fb19a27e507a75f38b0ba23a3413786ad2..26e20d73b4ea15b3af6e9460feb24e852f6e168c 100644 (file)
@@ -96,10 +96,10 @@ gss_krb5int_make_seal_token_v3 (krb5_context context,
                     : KG_USAGE_ACCEPTOR_SIGN));
     if (ctx->have_acceptor_subkey) {
         key = ctx->acceptor_subkey;
-       cksumtype = ctx->acceptor_subkey_cksumtype;
+        cksumtype = ctx->acceptor_subkey_cksumtype;
     } else {
         key = ctx->subkey;
-       cksumtype = ctx->cksumtype;
+        cksumtype = ctx->cksumtype;
     }
     assert(key != NULL);
 
@@ -184,7 +184,7 @@ gss_krb5int_make_seal_token_v3 (krb5_context context,
 #endif
     } else if (toktype == KG_TOK_WRAP_MSG && !conf_req_flag) {
         krb5_data plain;
-       size_t cksumsize;
+        size_t cksumsize;
 
         /* Here, message is the application-supplied data; message2 is
            what goes into the output token.  They may be the same, or
@@ -198,11 +198,11 @@ gss_krb5int_make_seal_token_v3 (krb5_context context,
         if (plain.data == NULL)
             return ENOMEM;
 
-       err = krb5_c_checksum_length(context, cksumtype, &cksumsize);
-       if (err)
-           goto error;
+        err = krb5_c_checksum_length(context, cksumtype, &cksumsize);
+        if (err)
+            goto error;
 
-       assert(cksumsize <= 0xffff);
+        assert(cksumsize <= 0xffff);
 
         bufsize = 16 + message2->length + cksumsize;
         outbuf = malloc(bufsize);
@@ -321,7 +321,7 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr,
     krb5_cksumtype cksumtype;
 
     if (ctx->big_endian != 0)
-       goto defective;
+        goto defective;
 
     if (qop_state)
         *qop_state = GSS_C_QOP_DEFAULT;
@@ -367,10 +367,10 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr,
     value in that case, though, so we can just ignore the flag.  */
     if (ctx->have_acceptor_subkey && (ptr[2] & FLAG_ACCEPTOR_SUBKEY)) {
         key = ctx->acceptor_subkey;
-       cksumtype = ctx->acceptor_subkey_cksumtype;
+        cksumtype = ctx->acceptor_subkey_cksumtype;
     } else {
         key = ctx->subkey;
-       cksumtype = ctx->cksumtype;
+        cksumtype = ctx->cksumtype;
     }
     assert(key != NULL);
 
@@ -429,11 +429,11 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr,
                 message_buffer->value = NULL;
             }
         } else {
-           size_t cksumsize;
+            size_t cksumsize;
 
-           err = krb5_c_checksum_length(context, cksumtype, &cksumsize);
-           if (err)
-               goto error;
+            err = krb5_c_checksum_length(context, cksumtype, &cksumsize);
+            if (err)
+                goto error;
 
             /* no confidentiality */
             if (conf_state)
index e39665febe5c21f75d2bf095ede362bd6a99e28e..d8542760dda5b8fa2b1e079f79974ded95e8661c 100644 (file)
  */
 
 #include <assert.h>
-#include "k5-platform.h"       /* for 64-bit support */
-#include "k5-int.h"         /* for zap() */
+#include "k5-platform.h"        /* for 64-bit support */
+#include "k5-int.h"          /* for zap() */
 #include "gssapiP_krb5.h"
 #include <stdarg.h>
 
 krb5_error_code
 gss_krb5int_make_seal_token_v3_iov(krb5_context context,
-                                  krb5_gss_ctx_id_rec *ctx,
-                                  int conf_req_flag,
-                                  int *conf_state,
-                                  gss_iov_buffer_desc *iov,
-                                  int iov_count,
-                                  int toktype)
+                                   krb5_gss_ctx_id_rec *ctx,
+                                   int conf_req_flag,
+                                   int *conf_state,
+                                   gss_iov_buffer_desc *iov,
+                                   int iov_count,
+                                   int toktype)
 {
     krb5_error_code code = 0;
     gss_iov_buffer_t header;
@@ -62,18 +62,18 @@ gss_krb5int_make_seal_token_v3_iov(krb5_context context,
 
     acceptor_flag = ctx->initiate ? 0 : FLAG_SENDER_IS_ACCEPTOR;
     key_usage = (toktype == KG_TOK_WRAP_MSG
-                ? (ctx->initiate
-                   ? KG_USAGE_INITIATOR_SEAL
-                   : KG_USAGE_ACCEPTOR_SEAL)
-                : (ctx->initiate
-                   ? KG_USAGE_INITIATOR_SIGN
-                   : KG_USAGE_ACCEPTOR_SIGN));
+                 ? (ctx->initiate
+                    ? KG_USAGE_INITIATOR_SEAL
+                    : KG_USAGE_ACCEPTOR_SEAL)
+                 : (ctx->initiate
+                    ? KG_USAGE_INITIATOR_SIGN
+                    : KG_USAGE_ACCEPTOR_SIGN));
     if (ctx->have_acceptor_subkey) {
-       key = ctx->acceptor_subkey;
-       cksumtype = ctx->acceptor_subkey_cksumtype;
+        key = ctx->acceptor_subkey;
+        cksumtype = ctx->acceptor_subkey_cksumtype;
     } else {
-       key = ctx->subkey;
-       cksumtype = ctx->cksumtype;
+        key = ctx->subkey;
+        cksumtype = ctx->cksumtype;
     }
     assert(key != NULL);
     assert(cksumtype != 0);
@@ -82,205 +82,205 @@ gss_krb5int_make_seal_token_v3_iov(krb5_context context,
 
     header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
     if (header == NULL)
-       return EINVAL;
+        return EINVAL;
 
     padding = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
     if (padding != NULL)
-       padding->buffer.length = 0;
+        padding->buffer.length = 0;
 
     trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
 
     outbuf = (unsigned char *)header->buffer.value;
 
     if (toktype == KG_TOK_WRAP_MSG && conf_req_flag) {
-       unsigned int k5_headerlen, k5_trailerlen, k5_padlen;
-       size_t ec = 0;
-       size_t conf_data_length = data_length - assoc_data_length;
-
-       code = krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_HEADER, &k5_headerlen);
-       if (code != 0)
-           goto cleanup;
-
-       code = krb5_c_padding_length(context, key->enctype,
-                                    conf_data_length + 16 /* E(Header) */, &k5_padlen);
-       if (code != 0)
-           goto cleanup;
-
-       if (k5_padlen == 0 && (ctx->gss_flags & GSS_C_DCE_STYLE)) {
-           /* Windows rejects AEAD tokens with non-zero EC */
-           code = krb5_c_block_size(context, key->enctype, &ec);
-           if (code != 0)
-               goto cleanup;
-       } else
-           ec = k5_padlen;
-
-       code = krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_TRAILER, &k5_trailerlen);
-       if (code != 0)
-           goto cleanup;
-
-       gss_headerlen = 16 /* Header */ + k5_headerlen;
-       gss_trailerlen = ec + 16 /* E(Header) */ + k5_trailerlen;
-
-       if (trailer == NULL) {
-           rrc = gss_trailerlen;
-           /* Workaround for Windows bug where it rotates by EC + RRC */
-           if (ctx->gss_flags & GSS_C_DCE_STYLE)
-               rrc -= ec;
-           gss_headerlen += gss_trailerlen;
-       }
-
-       if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
-           code = kg_allocate_iov(header, gss_headerlen);
-       else if (header->buffer.length < gss_headerlen)
-           code = KRB5_BAD_MSIZE;
-       if (code != 0)
-           goto cleanup;
-       header->buffer.length = gss_headerlen;
-
-       if (trailer != NULL) {
-           if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
-               code = kg_allocate_iov(trailer, gss_trailerlen);
-           else if (trailer->buffer.length < gss_trailerlen)
-               code = KRB5_BAD_MSIZE;
-           if (code != 0)
-               goto cleanup;
-           trailer->buffer.length = gss_trailerlen;
-       }
-
-       /* TOK_ID */
-       store_16_be(KG2_TOK_WRAP_MSG, outbuf);
-       /* flags */
-       outbuf[2] = (acceptor_flag
-                    | (conf_req_flag ? FLAG_WRAP_CONFIDENTIAL : 0)
-                    | (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0));
-       /* filler */
-       outbuf[3] = 0xFF;
-       /* EC */
-       store_16_be(ec, outbuf + 4);
-       /* RRC */
-       store_16_be(0, outbuf + 6);
-       store_64_be(ctx->seq_send, outbuf + 8);
-
-       /* EC | copy of header to be encrypted, located in (possibly rotated) trailer */
-       if (trailer == NULL)
-           tbuf = (unsigned char *)header->buffer.value + 16; /* Header */
-       else
-           tbuf = (unsigned char *)trailer->buffer.value;
-
-       memset(tbuf, 0xFF, ec);
-       memcpy(tbuf + ec, header->buffer.value, 16);
-
-       code = kg_encrypt_iov(context, ctx->proto,
-                             ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0),
-                             ec, rrc, key, key_usage, 0, iov, iov_count);
-       if (code != 0)
-           goto cleanup;
-
-       /* RRC */
-       store_16_be(rrc, outbuf + 6);
-
-       ctx->seq_send++;
+        unsigned int k5_headerlen, k5_trailerlen, k5_padlen;
+        size_t ec = 0;
+        size_t conf_data_length = data_length - assoc_data_length;
+
+        code = krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_HEADER, &k5_headerlen);
+        if (code != 0)
+            goto cleanup;
+
+        code = krb5_c_padding_length(context, key->enctype,
+                                     conf_data_length + 16 /* E(Header) */, &k5_padlen);
+        if (code != 0)
+            goto cleanup;
+
+        if (k5_padlen == 0 && (ctx->gss_flags & GSS_C_DCE_STYLE)) {
+            /* Windows rejects AEAD tokens with non-zero EC */
+            code = krb5_c_block_size(context, key->enctype, &ec);
+            if (code != 0)
+                goto cleanup;
+        } else
+            ec = k5_padlen;
+
+        code = krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_TRAILER, &k5_trailerlen);
+        if (code != 0)
+            goto cleanup;
+
+        gss_headerlen = 16 /* Header */ + k5_headerlen;
+        gss_trailerlen = ec + 16 /* E(Header) */ + k5_trailerlen;
+
+        if (trailer == NULL) {
+            rrc = gss_trailerlen;
+            /* Workaround for Windows bug where it rotates by EC + RRC */
+            if (ctx->gss_flags & GSS_C_DCE_STYLE)
+                rrc -= ec;
+            gss_headerlen += gss_trailerlen;
+        }
+
+        if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
+            code = kg_allocate_iov(header, gss_headerlen);
+        else if (header->buffer.length < gss_headerlen)
+            code = KRB5_BAD_MSIZE;
+        if (code != 0)
+            goto cleanup;
+        header->buffer.length = gss_headerlen;
+
+        if (trailer != NULL) {
+            if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
+                code = kg_allocate_iov(trailer, gss_trailerlen);
+            else if (trailer->buffer.length < gss_trailerlen)
+                code = KRB5_BAD_MSIZE;
+            if (code != 0)
+                goto cleanup;
+            trailer->buffer.length = gss_trailerlen;
+        }
+
+        /* TOK_ID */
+        store_16_be(KG2_TOK_WRAP_MSG, outbuf);
+        /* flags */
+        outbuf[2] = (acceptor_flag
+                     | (conf_req_flag ? FLAG_WRAP_CONFIDENTIAL : 0)
+                     | (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0));
+        /* filler */
+        outbuf[3] = 0xFF;
+        /* EC */
+        store_16_be(ec, outbuf + 4);
+        /* RRC */
+        store_16_be(0, outbuf + 6);
+        store_64_be(ctx->seq_send, outbuf + 8);
+
+        /* EC | copy of header to be encrypted, located in (possibly rotated) trailer */
+        if (trailer == NULL)
+            tbuf = (unsigned char *)header->buffer.value + 16; /* Header */
+        else
+            tbuf = (unsigned char *)trailer->buffer.value;
+
+        memset(tbuf, 0xFF, ec);
+        memcpy(tbuf + ec, header->buffer.value, 16);
+
+        code = kg_encrypt_iov(context, ctx->proto,
+                              ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0),
+                              ec, rrc, key, key_usage, 0, iov, iov_count);
+        if (code != 0)
+            goto cleanup;
+
+        /* RRC */
+        store_16_be(rrc, outbuf + 6);
+
+        ctx->seq_send++;
     } else if (toktype == KG_TOK_WRAP_MSG && !conf_req_flag) {
-       tok_id = KG2_TOK_WRAP_MSG;
+        tok_id = KG2_TOK_WRAP_MSG;
 
     wrap_with_checksum:
 
-       gss_headerlen = 16;
-
-       code = krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_CHECKSUM, &gss_trailerlen);
-       if (code != 0)
-           goto cleanup;
-
-       assert(gss_trailerlen <= 0xFFFF);
-
-       if (trailer == NULL) {
-           rrc = gss_trailerlen;
-           gss_headerlen += gss_trailerlen;
-       }
-
-       if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
-           code = kg_allocate_iov(header, gss_headerlen);
-       else if (header->buffer.length < gss_headerlen)
-           code = KRB5_BAD_MSIZE;
-       if (code != 0)
-           goto cleanup;
-       header->buffer.length = gss_headerlen;
-
-       if (trailer != NULL) {
-           if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
-               code = kg_allocate_iov(trailer, gss_trailerlen);
-           else if (trailer->buffer.length < gss_trailerlen)
-               code = KRB5_BAD_MSIZE;
-           if (code != 0)
-               goto cleanup;
-           trailer->buffer.length = gss_trailerlen;
-       }
-
-       /* TOK_ID */
-       store_16_be(tok_id, outbuf);
-       /* flags */
-       outbuf[2] = (acceptor_flag
-                    | (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0));
-       /* filler */
-       outbuf[3] = 0xFF;
-       if (toktype == KG_TOK_WRAP_MSG) {
-           /* Use 0 for checksum calculation, substitute
-            * checksum length later.
-            */
-           /* EC */
-           store_16_be(0, outbuf + 4);
-           /* RRC */
-           store_16_be(0, outbuf + 6);
-       } else {
-           /* MIC and DEL store 0xFF in EC and RRC */
-           store_16_be(0xFFFF, outbuf + 4);
-           store_16_be(0xFFFF, outbuf + 6);
-       }
-       store_64_be(ctx->seq_send, outbuf + 8);
-
-       code = kg_make_checksum_iov_v3(context, cksumtype,
-                                      rrc, key, key_usage,
-                                      iov, iov_count);
-       if (code != 0)
-           goto cleanup;
-
-       ctx->seq_send++;
-
-       if (toktype == KG_TOK_WRAP_MSG) {
-           /* Fix up EC field */
-           store_16_be(gss_trailerlen, outbuf + 4);
-           /* Fix up RRC field */
-           store_16_be(rrc, outbuf + 6);
-       }
+        gss_headerlen = 16;
+
+        code = krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_CHECKSUM, &gss_trailerlen);
+        if (code != 0)
+            goto cleanup;
+
+        assert(gss_trailerlen <= 0xFFFF);
+
+        if (trailer == NULL) {
+            rrc = gss_trailerlen;
+            gss_headerlen += gss_trailerlen;
+        }
+
+        if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
+            code = kg_allocate_iov(header, gss_headerlen);
+        else if (header->buffer.length < gss_headerlen)
+            code = KRB5_BAD_MSIZE;
+        if (code != 0)
+            goto cleanup;
+        header->buffer.length = gss_headerlen;
+
+        if (trailer != NULL) {
+            if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
+                code = kg_allocate_iov(trailer, gss_trailerlen);
+            else if (trailer->buffer.length < gss_trailerlen)
+                code = KRB5_BAD_MSIZE;
+            if (code != 0)
+                goto cleanup;
+            trailer->buffer.length = gss_trailerlen;
+        }
+
+        /* TOK_ID */
+        store_16_be(tok_id, outbuf);
+        /* flags */
+        outbuf[2] = (acceptor_flag
+                     | (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0));
+        /* filler */
+        outbuf[3] = 0xFF;
+        if (toktype == KG_TOK_WRAP_MSG) {
+            /* Use 0 for checksum calculation, substitute
+             * checksum length later.
+             */
+            /* EC */
+            store_16_be(0, outbuf + 4);
+            /* RRC */
+            store_16_be(0, outbuf + 6);
+        } else {
+            /* MIC and DEL store 0xFF in EC and RRC */
+            store_16_be(0xFFFF, outbuf + 4);
+            store_16_be(0xFFFF, outbuf + 6);
+        }
+        store_64_be(ctx->seq_send, outbuf + 8);
+
+        code = kg_make_checksum_iov_v3(context, cksumtype,
+                                       rrc, key, key_usage,
+                                       iov, iov_count);
+        if (code != 0)
+            goto cleanup;
+
+        ctx->seq_send++;
+
+        if (toktype == KG_TOK_WRAP_MSG) {
+            /* Fix up EC field */
+            store_16_be(gss_trailerlen, outbuf + 4);
+            /* Fix up RRC field */
+            store_16_be(rrc, outbuf + 6);
+        }
     } else if (toktype == KG_TOK_MIC_MSG) {
-       tok_id = KG2_TOK_MIC_MSG;
-       trailer = NULL;
-       goto wrap_with_checksum;
+        tok_id = KG2_TOK_MIC_MSG;
+        trailer = NULL;
+        goto wrap_with_checksum;
     } else if (toktype == KG_TOK_DEL_CTX) {
-       tok_id = KG2_TOK_DEL_CTX;
-       goto wrap_with_checksum;
+        tok_id = KG2_TOK_DEL_CTX;
+        goto wrap_with_checksum;
     } else {
-       abort();
+        abort();
     }
 
     code = 0;
 
 cleanup:
     if (code != 0)
-       kg_release_iov(iov, iov_count);
+        kg_release_iov(iov, iov_count);
 
     return code;
 }
 
 OM_uint32
 gss_krb5int_unseal_v3_iov(krb5_context context,
-                         OM_uint32 *minor_status,
-                         krb5_gss_ctx_id_rec *ctx,
-                         gss_iov_buffer_desc *iov,
-                         int iov_count,
-                         int *conf_state,
-                         gss_qop_t *qop_state,
-                         int toktype)
+                          OM_uint32 *minor_status,
+                          krb5_gss_ctx_id_rec *ctx,
+                          gss_iov_buffer_desc *iov,
+                          int iov_count,
+                          int *conf_state,
+                          gss_qop_t *qop_state,
+                          int toktype)
 {
     OM_uint32 code;
     gss_iov_buffer_t header;
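Review bot: `outbuf = (unsigned char *)header->buffer.value;` is taken before the header buffer is allocated. With GSS_IOV_BUFFER_FLAG_ALLOCATE set, the later `store_16_be(KG2_TOK_WRAP_MSG, outbuf)` and `outbuf[2] = ...` writes therefore go through the pre-allocation pointer, not the buffer kg_allocate_iov() installed (assuming, as the call shape suggests, that it replaces `header->buffer.value`). `tbuf` is computed from `header->buffer.value` after the allocation, so the two pointers can disagree. Both the confidential branch and the `wrap_with_checksum` path have this; the fix is to assign `outbuf = (unsigned char *)header->buffer.value;` right after `header->buffer.length = gss_headerlen;` in each. gss_krb5int_make_seal_token_v3_iov starts in the previous hunk, and this hunk ends inside the declarations of gss_krb5int_unseal_v3_iov.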
@@ -298,167 +298,167 @@ gss_krb5int_unseal_v3_iov(krb5_context context,
     int conf_flag = 0;
 
     if (ctx->big_endian != 0)
-       return GSS_S_DEFECTIVE_TOKEN;
+        return GSS_S_DEFECTIVE_TOKEN;
 
     if (qop_state != NULL)
-       *qop_state = GSS_C_QOP_DEFAULT;
+        *qop_state = GSS_C_QOP_DEFAULT;
 
     header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
     assert(header != NULL);
 
     padding = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
     if (padding != NULL && padding->buffer.length != 0)
-       return GSS_S_DEFECTIVE_TOKEN;
+        return GSS_S_DEFECTIVE_TOKEN;
 
     trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
 
     acceptor_flag = ctx->initiate ? FLAG_SENDER_IS_ACCEPTOR : 0;
     key_usage = (toktype == KG_TOK_WRAP_MSG
-                ? (!ctx->initiate 
-                   ? KG_USAGE_INITIATOR_SEAL
-                   : KG_USAGE_ACCEPTOR_SEAL)
-                : (!ctx->initiate
-                   ? KG_USAGE_INITIATOR_SIGN 
-                   : KG_USAGE_ACCEPTOR_SIGN));
+                 ? (!ctx->initiate
+                    ? KG_USAGE_INITIATOR_SEAL
+                    : KG_USAGE_ACCEPTOR_SEAL)
+                 : (!ctx->initiate
+                    ? KG_USAGE_INITIATOR_SIGN
+                    : KG_USAGE_ACCEPTOR_SIGN));
 
     kg_iov_msglen(iov, iov_count, &data_length, &assoc_data_length);
 
     ptr = (unsigned char *)header->buffer.value;
 
     if (header->buffer.length < 16) {
-       *minor_status = 0;
-       return GSS_S_DEFECTIVE_TOKEN;
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
     }
 
     if ((ptr[2] & FLAG_SENDER_IS_ACCEPTOR) != acceptor_flag) {
-       *minor_status = (OM_uint32)G_BAD_DIRECTION;
-       return GSS_S_BAD_SIG;
+        *minor_status = (OM_uint32)G_BAD_DIRECTION;
+        return GSS_S_BAD_SIG;
     }
 
     if (ctx->have_acceptor_subkey && (ptr[2] & FLAG_ACCEPTOR_SUBKEY)) {
-       key = ctx->acceptor_subkey;
-       cksumtype = ctx->acceptor_subkey_cksumtype;
+        key = ctx->acceptor_subkey;
+        cksumtype = ctx->acceptor_subkey_cksumtype;
     } else {
-       key = ctx->subkey;
-       cksumtype = ctx->cksumtype;
+        key = ctx->subkey;
+        cksumtype = ctx->cksumtype;
     }
     assert(key != NULL);
 
 
     if (toktype == KG_TOK_WRAP_MSG) {
-       unsigned int k5_trailerlen;
-
-       if (load_16_be(ptr) != KG2_TOK_WRAP_MSG)
-           goto defective;
-       conf_flag = ((ptr[2] & FLAG_WRAP_CONFIDENTIAL) != 0);
-       if (ptr[3] != 0xFF)
-           goto defective;
-       ec = load_16_be(ptr + 4);
-       rrc = load_16_be(ptr + 6);
-       seqnum = load_64_be(ptr + 8);
-
-       code = krb5_c_crypto_length(context, key->enctype,
-                                   conf_flag ? KRB5_CRYPTO_TYPE_TRAILER :
-                                               KRB5_CRYPTO_TYPE_CHECKSUM,
-                                   &k5_trailerlen);
-       if (code != 0) {
-           *minor_status = code;
-           return GSS_S_FAILURE;
-       }
-
-       /* Deal with RRC */
-       if (trailer == NULL) {
-           size_t desired_rrc = k5_trailerlen;
-
-           if (conf_flag) {
-               desired_rrc += 16; /* E(Header) */
-
-               if ((ctx->gss_flags & GSS_C_DCE_STYLE) == 0)
-                   desired_rrc += ec;
-           }
-
-           /* According to MS, we only need to deal with a fixed RRC for DCE */
-           if (rrc != desired_rrc)
-               goto defective;
-       } else if (rrc != 0) {
-           /* Should have been rotated by kg_unseal_stream_iov() */
-           goto defective;
-       }
-
-       if (conf_flag) {
-           unsigned char *althdr;
-
-           /* Decrypt */
-           code = kg_decrypt_iov(context, ctx->proto,
-                                 ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0),
-                                 ec, rrc,
-                                 key, key_usage, 0, iov, iov_count);
-           if (code != 0) {
-               *minor_status = code;
-               return GSS_S_BAD_SIG;
-           }
-
-           /* Validate header integrity */
-           if (trailer == NULL)
-               althdr = (unsigned char *)header->buffer.value + 16 + ec;
-           else
-               althdr = (unsigned char *)trailer->buffer.value + ec;
-
-           if (load_16_be(althdr) != KG2_TOK_WRAP_MSG
-               || althdr[2] != ptr[2]
-               || althdr[3] != ptr[3]
-               || memcmp(althdr + 8, ptr + 8, 8) != 0) {
-               *minor_status = 0;
-               return GSS_S_BAD_SIG;
-           }
-       } else {
-           /* Verify checksum: note EC is checksum size here, not padding */
-           if (ec != k5_trailerlen)
-               goto defective;
-
-           /* Zero EC, RRC before computing checksum */
-           store_16_be(0, ptr + 4);
-           store_16_be(0, ptr + 6);
-
-           code = kg_verify_checksum_iov_v3(context, cksumtype, rrc,
-                                            key, key_usage,
-                                            iov, iov_count, &valid);
-           if (code != 0 || valid == FALSE) {
-               *minor_status = code;
-               return GSS_S_BAD_SIG;
-           }
-       }
-
-       code = g_order_check(&ctx->seqstate, seqnum);
+        unsigned int k5_trailerlen;
+
+        if (load_16_be(ptr) != KG2_TOK_WRAP_MSG)
+            goto defective;
+        conf_flag = ((ptr[2] & FLAG_WRAP_CONFIDENTIAL) != 0);
+        if (ptr[3] != 0xFF)
+            goto defective;
+        ec = load_16_be(ptr + 4);
+        rrc = load_16_be(ptr + 6);
+        seqnum = load_64_be(ptr + 8);
+
+        code = krb5_c_crypto_length(context, key->enctype,
+                                    conf_flag ? KRB5_CRYPTO_TYPE_TRAILER :
+                                                KRB5_CRYPTO_TYPE_CHECKSUM,
+                                    &k5_trailerlen);
+        if (code != 0) {
+            *minor_status = code;
+            return GSS_S_FAILURE;
+        }
+
+        /* Deal with RRC */
+        if (trailer == NULL) {
+            size_t desired_rrc = k5_trailerlen;
+
+            if (conf_flag) {
+                desired_rrc += 16; /* E(Header) */
+
+                if ((ctx->gss_flags & GSS_C_DCE_STYLE) == 0)
+                    desired_rrc += ec;
+            }
+
+            /* According to MS, we only need to deal with a fixed RRC for DCE */
+            if (rrc != desired_rrc)
+                goto defective;
+        } else if (rrc != 0) {
+            /* Should have been rotated by kg_unseal_stream_iov() */
+            goto defective;
+        }
+
+        if (conf_flag) {
+            unsigned char *althdr;
+
+            /* Decrypt */
+            code = kg_decrypt_iov(context, ctx->proto,
+                                  ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0),
+                                  ec, rrc,
+                                  key, key_usage, 0, iov, iov_count);
+            if (code != 0) {
+                *minor_status = code;
+                return GSS_S_BAD_SIG;
+            }
+
+            /* Validate header integrity */
+            if (trailer == NULL)
+                althdr = (unsigned char *)header->buffer.value + 16 + ec;
+            else
+                althdr = (unsigned char *)trailer->buffer.value + ec;
+
+            if (load_16_be(althdr) != KG2_TOK_WRAP_MSG
+                || althdr[2] != ptr[2]
+                || althdr[3] != ptr[3]
+                || memcmp(althdr + 8, ptr + 8, 8) != 0) {
+                *minor_status = 0;
+                return GSS_S_BAD_SIG;
+            }
+        } else {
+            /* Verify checksum: note EC is checksum size here, not padding */
+            if (ec != k5_trailerlen)
+                goto defective;
+
+            /* Zero EC, RRC before computing checksum */
+            store_16_be(0, ptr + 4);
+            store_16_be(0, ptr + 6);
+
+            code = kg_verify_checksum_iov_v3(context, cksumtype, rrc,
+                                             key, key_usage,
+                                             iov, iov_count, &valid);
+            if (code != 0 || valid == FALSE) {
+                *minor_status = code;
+                return GSS_S_BAD_SIG;
+            }
+        }
+
+        code = g_order_check(&ctx->seqstate, seqnum);
     } else if (toktype == KG_TOK_MIC_MSG) {
-       if (load_16_be(ptr) != KG2_TOK_MIC_MSG)
-           goto defective;
+        if (load_16_be(ptr) != KG2_TOK_MIC_MSG)
+            goto defective;
 
     verify_mic_1:
-       if (ptr[3] != 0xFF)
-           goto defective;
-       seqnum = load_64_be(ptr + 8);
-
-       code = kg_verify_checksum_iov_v3(context, cksumtype, 0,
-                                        key, key_usage,
-                                        iov, iov_count, &valid);
-       if (code != 0 || valid == FALSE) {
-           *minor_status = code;
-           return GSS_S_BAD_SIG;
-       }
-       code = g_order_check(&ctx->seqstate, seqnum);
+        if (ptr[3] != 0xFF)
+            goto defective;
+        seqnum = load_64_be(ptr + 8);
+
+        code = kg_verify_checksum_iov_v3(context, cksumtype, 0,
+                                         key, key_usage,
+                                         iov, iov_count, &valid);
+        if (code != 0 || valid == FALSE) {
+            *minor_status = code;
+            return GSS_S_BAD_SIG;
+        }
+        code = g_order_check(&ctx->seqstate, seqnum);
     } else if (toktype == KG_TOK_DEL_CTX) {
-       if (load_16_be(ptr) != KG2_TOK_DEL_CTX)
-           goto defective;
-       goto verify_mic_1;
+        if (load_16_be(ptr) != KG2_TOK_DEL_CTX)
+            goto defective;
+        goto verify_mic_1;
     } else {
-       goto defective;
+        goto defective;
     }
 
     *minor_status = 0;
 
     if (conf_state != NULL)
-       *conf_state = conf_flag;
+        *conf_state = conf_flag;
 
     return code;
 
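Review bot: In the confidential WRAP branch the position of `althdr` comes from the token's own EC field (`header->buffer.value + 16 + ec`, or `trailer->buffer.value + ec`), while the only length test in view is `header->buffer.length < 16`. Unless kg_decrypt_iov() (not shown) enforces it, the 16 bytes read through `althdr` can lie past the end of the buffer. A guard before the comparison such as `if (trailer == NULL ? header->buffer.length < 16 + ec + 16 : trailer->buffer.length < ec + 16) goto defective;` would close that. The comparison also skips bytes 4-5 of the decrypted header copy, so a modified cleartext EC is not detected there; adding `|| load_16_be(althdr + 4) != ec` ties it to the authenticated value. The function starts before this hunk and its `defective` label lies after it.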
index a94ac9ef053782cc45aeaba7388feb4b27c46943..8020b15f32b1188642e6755462b56631a0628236 100644 (file)
@@ -527,8 +527,8 @@ kg_unseal(minor_status, context_handle, input_token_buffer,
     }
 
     if (bodysize < 2) {
-       *minor_status = (OM_uint32)G_BAD_TOK_HEADER;
-       return GSS_S_DEFECTIVE_TOKEN;
+        *minor_status = (OM_uint32)G_BAD_TOK_HEADER;
+        return GSS_S_DEFECTIVE_TOKEN;
     }
 
     toktype2 = load_16_be(ptr);
@@ -543,18 +543,18 @@ kg_unseal(minor_status, context_handle, input_token_buffer,
         ret = gss_krb5int_unseal_token_v3(&ctx->k5_context, minor_status, ctx,
                                           ptr, bodysize, message_buffer,
                                           conf_state, qop_state, toktype);
-       break;
+        break;
     case KG_TOK_MIC_MSG:
     case KG_TOK_WRAP_MSG:
     case KG_TOK_DEL_CTX:
         ret = kg_unseal_v1(ctx->k5_context, minor_status, ctx, ptr, bodysize,
                            message_buffer, conf_state, qop_state,
                            toktype);
-       break;
+        break;
     default:
-       *minor_status = (OM_uint32)G_BAD_TOK_HEADER;
-       ret = GSS_S_DEFECTIVE_TOKEN;
-       break;
+        *minor_status = (OM_uint32)G_BAD_TOK_HEADER;
+        ret = GSS_S_DEFECTIVE_TOKEN;
+        break;
     }
 
     if (ret != 0)
index a9d4c9effb68d4ec58a4c68e872e45c7d3aa032b..87a4b20f96b1a595241279194e4652ca1c49cd06 100644 (file)
  */
 
 #include <assert.h>
-#include "k5-platform.h"       /* for 64-bit support */
-#include "k5-int.h"         /* for zap() */
+#include "k5-platform.h"        /* for 64-bit support */
+#include "k5-int.h"          /* for zap() */
 #include "gssapiP_krb5.h"
 #include <stdarg.h>
 
 static OM_uint32
 kg_unseal_v1_iov(krb5_context context,
-                OM_uint32 *minor_status,
-                krb5_gss_ctx_id_rec *ctx,
-                gss_iov_buffer_desc *iov,
-                int iov_count,
-                size_t token_wrapper_len,
-                int *conf_state,
-                gss_qop_t *qop_state,
-                int toktype)
+                 OM_uint32 *minor_status,
+                 krb5_gss_ctx_id_rec *ctx,
+                 gss_iov_buffer_desc *iov,
+                 int iov_count,
+                 size_t token_wrapper_len,
+                 int *conf_state,
+                 gss_qop_t *qop_state,
+                 int toktype)
 {
     OM_uint32 code;
     gss_iov_buffer_t header;
@@ -71,17 +71,17 @@ kg_unseal_v1_iov(krb5_context context,
 
     trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
     if (trailer != NULL && trailer->buffer.length != 0) {
-       *minor_status = (OM_uint32)KRB5_BAD_MSIZE;
-       return GSS_S_DEFECTIVE_TOKEN;
+        *minor_status = (OM_uint32)KRB5_BAD_MSIZE;
+        return GSS_S_DEFECTIVE_TOKEN;
     }
 
     if (header->buffer.length < token_wrapper_len + 14) {
-       *minor_status = 0;
-       return GSS_S_DEFECTIVE_TOKEN;
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
     }
 
     ptr = (unsigned char *)header->buffer.value + token_wrapper_len;
-   
+
     signalg  = ptr[0];
     signalg |= ptr[1] << 8;
 
@@ -89,106 +89,106 @@ kg_unseal_v1_iov(krb5_context context,
     sealalg |= ptr[3] << 8;
 
     if (ptr[4] != 0xFF || ptr[5] != 0xFF) {
-       *minor_status = 0;
-       return GSS_S_DEFECTIVE_TOKEN;
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
     }
 
     if (toktype != KG_TOK_WRAP_MSG && sealalg != 0xFFFF) {
-       *minor_status = 0;
-       return GSS_S_DEFECTIVE_TOKEN;
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
     }
 
     if (toktype == KG_TOK_WRAP_MSG &&
-       !(sealalg == 0xFFFF || sealalg == ctx->sealalg)) {
-       *minor_status = 0;
-       return GSS_S_DEFECTIVE_TOKEN;
+        !(sealalg == 0xFFFF || sealalg == ctx->sealalg)) {
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
     }
 
     if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) ||
-       (ctx->sealalg == SEAL_ALG_1 && signalg != SGN_ALG_3) ||
-       (ctx->sealalg == SEAL_ALG_DES3KD &&
-        signalg != SGN_ALG_HMAC_SHA1_DES3_KD)||
-       (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4 &&
-        signalg != SGN_ALG_HMAC_MD5)) {
-       *minor_status = 0;
-       return GSS_S_DEFECTIVE_TOKEN;
+        (ctx->sealalg == SEAL_ALG_1 && signalg != SGN_ALG_3) ||
+        (ctx->sealalg == SEAL_ALG_DES3KD &&
+         signalg != SGN_ALG_HMAC_SHA1_DES3_KD)||
+        (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4 &&
+         signalg != SGN_ALG_HMAC_MD5)) {
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
     }
 
     switch (signalg) {
     case SGN_ALG_DES_MAC_MD5:
     case SGN_ALG_MD2_5:
     case SGN_ALG_HMAC_MD5:
-       cksum_len = 8;
-       if (toktype != KG_TOK_WRAP_MSG)
-           sign_usage = 15;
-       break;
+        cksum_len = 8;
+        if (toktype != KG_TOK_WRAP_MSG)
+            sign_usage = 15;
+        break;
     case SGN_ALG_3:
-       cksum_len = 16;
-       break;
+        cksum_len = 16;
+        break;
     case SGN_ALG_HMAC_SHA1_DES3_KD:
-       cksum_len = 20;
-       break;
+        cksum_len = 20;
+        break;
     default:
-       *minor_status = 0;
-       return GSS_S_DEFECTIVE_TOKEN;
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
     }
 
     /* get the token parameters */
     code = kg_get_seq_num(context, ctx->seq, ptr + 14, ptr + 6, &direction,
-                         &seqnum);
+                          &seqnum);
     if (code != 0) {
-       *minor_status = code;
-       return GSS_S_BAD_SIG;
+        *minor_status = code;
+        return GSS_S_BAD_SIG;
     }
 
     assert(ctx->big_endian == 0);
 
     /* decode the message, if SEAL */
     if (toktype == KG_TOK_WRAP_MSG) {
-       if (sealalg != 0xFFFF) {
-           if (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) {
-               unsigned char bigend_seqnum[4];
-               krb5_keyblock *enc_key;
-               size_t i;
-
-               bigend_seqnum[0] = (seqnum >> 24) & 0xFF;
-               bigend_seqnum[1] = (seqnum >> 16) & 0xFF;
-               bigend_seqnum[2] = (seqnum >> 8 ) & 0xFF;
-               bigend_seqnum[3] = (seqnum      ) & 0xFF;
-
-               code = krb5_copy_keyblock(context, ctx->enc, &enc_key);
-               if (code != 0) {
-                   retval = GSS_S_FAILURE;
-                   goto cleanup;
-               }
-
-               assert(enc_key->length == 16);
-
-               for (i = 0; i < enc_key->length; i++)
-                   ((char *)enc_key->contents)[i] ^= 0xF0;
-
-               code = kg_arcfour_docrypt_iov(context, enc_key, 0,
-                                             &bigend_seqnum[0], 4,
-                                             iov, iov_count);
-               krb5_free_keyblock(context, enc_key);
-           } else {
-               code = kg_decrypt_iov(context, 0,
-                                     ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0),
-                                     0 /*EC*/, 0 /*RRC*/,
-                                     ctx->enc, KG_USAGE_SEAL, NULL,
-                                     iov, iov_count);
-           }
-           if (code != 0) {
-               retval = GSS_S_FAILURE;
-               goto cleanup;
-           }
-       }
-       conflen = kg_confounder_size(context, ctx->enc);
+        if (sealalg != 0xFFFF) {
+            if (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) {
+                unsigned char bigend_seqnum[4];
+                krb5_keyblock *enc_key;
+                size_t i;
+
+                bigend_seqnum[0] = (seqnum >> 24) & 0xFF;
+                bigend_seqnum[1] = (seqnum >> 16) & 0xFF;
+                bigend_seqnum[2] = (seqnum >> 8 ) & 0xFF;
+                bigend_seqnum[3] = (seqnum      ) & 0xFF;
+
+                code = krb5_copy_keyblock(context, ctx->enc, &enc_key);
+                if (code != 0) {
+                    retval = GSS_S_FAILURE;
+                    goto cleanup;
+                }
+
+                assert(enc_key->length == 16);
+
+                for (i = 0; i < enc_key->length; i++)
+                    ((char *)enc_key->contents)[i] ^= 0xF0;
+
+                code = kg_arcfour_docrypt_iov(context, enc_key, 0,
+                                              &bigend_seqnum[0], 4,
+                                              iov, iov_count);
+                krb5_free_keyblock(context, enc_key);
+            } else {
+                code = kg_decrypt_iov(context, 0,
+                                      ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0),
+                                      0 /*EC*/, 0 /*RRC*/,
+                                      ctx->enc, KG_USAGE_SEAL, NULL,
+                                      iov, iov_count);
+            }
+            if (code != 0) {
+                retval = GSS_S_FAILURE;
+                goto cleanup;
+            }
+        }
+        conflen = kg_confounder_size(context, ctx->enc);
     }
 
     if (header->buffer.length != token_wrapper_len + 14 + cksum_len + conflen) {
-       retval = GSS_S_DEFECTIVE_TOKEN;
-       goto cleanup;
+        retval = GSS_S_DEFECTIVE_TOKEN;
+        goto cleanup;
     }
 
     /* compute the checksum of the message */
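Review bot: kg_get_seq_num() is handed `ptr + 14` when the header has only been checked for `token_wrapper_len + 14` bytes. The exact-length test that accounts for `cksum_len` runs further down, after the sequence number has been decoded and the payload decrypted. If kg_get_seq_num() reads checksum bytes at that address (its body is not shown), a short header is read past its end. Once the `switch (signalg)` has set `cksum_len`, a check like `if (header->buffer.length < token_wrapper_len + 14 + cksum_len) { *minor_status = 0; return GSS_S_DEFECTIVE_TOKEN; }` would reject such a token before any of it is parsed. The function begins before this hunk and continues after it.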
@@ -200,67 +200,67 @@ kg_unseal_v1_iov(krb5_context context,
     case SGN_ALG_MD2_5:
     case SGN_ALG_DES_MAC:
     case SGN_ALG_3:
-       md5cksum.checksum_type = CKSUMTYPE_RSA_MD5;
-       break;
+        md5cksum.checksum_type = CKSUMTYPE_RSA_MD5;
+        break;
     case SGN_ALG_HMAC_MD5:
-       md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR;
-       break;
+        md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR;
+        break;
     case SGN_ALG_HMAC_SHA1_DES3_KD:
-       md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3;
-       break;
+        md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3;
+        break;
     default:
-       abort();
+        abort();
     }
 
     code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen);
     if (code != 0) {
-       retval = GSS_S_FAILURE;
-       goto cleanup;
+        retval = GSS_S_FAILURE;
+        goto cleanup;
     }
     md5cksum.length = sumlen;
 
     /* compute the checksum of the message */
     code = kg_make_checksum_iov_v1(context, md5cksum.checksum_type,
-                                  cksum_len, ctx->seq, ctx->enc,
-                                  sign_usage, iov, iov_count, toktype,
-                                  &md5cksum);
+                                   cksum_len, ctx->seq, ctx->enc,
+                                   sign_usage, iov, iov_count, toktype,
+                                   &md5cksum);
     if (code != 0) {
-       retval = GSS_S_FAILURE;
-       goto cleanup;
+        retval = GSS_S_FAILURE;
+        goto cleanup;
     }
 
     switch (signalg) {
     case SGN_ALG_DES_MAC_MD5:
     case SGN_ALG_3:
-       code = kg_encrypt(context, ctx->seq, KG_USAGE_SEAL,
-                         (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ?
-                          ctx->seq->contents : NULL),
-                         md5cksum.contents, md5cksum.contents, 16);
-       if (code != 0) {
-           retval = GSS_S_FAILURE;
-           goto cleanup;
-       }
-
-       cksum.length = cksum_len;
-       cksum.contents = md5cksum.contents + 16 - cksum.length;
-
-       code = memcmp(cksum.contents, ptr + 14, cksum.length);
-       break;
+        code = kg_encrypt(context, ctx->seq, KG_USAGE_SEAL,
+                          (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ?
+                           ctx->seq->contents : NULL),
+                          md5cksum.contents, md5cksum.contents, 16);
+        if (code != 0) {
+            retval = GSS_S_FAILURE;
+            goto cleanup;
+        }
+
+        cksum.length = cksum_len;
+        cksum.contents = md5cksum.contents + 16 - cksum.length;
+
+        code = memcmp(cksum.contents, ptr + 14, cksum.length);
+        break;
     case SGN_ALG_HMAC_SHA1_DES3_KD:
     case SGN_ALG_HMAC_MD5:
-       code = memcmp(md5cksum.contents, ptr + 14, cksum_len);
-       break;
+        code = memcmp(md5cksum.contents, ptr + 14, cksum_len);
+        break;
     default:
-       code = 0;
-       retval = GSS_S_DEFECTIVE_TOKEN;
-       goto cleanup;
-       break;
+        code = 0;
+        retval = GSS_S_DEFECTIVE_TOKEN;
+        goto cleanup;
+        break;
     }
 
     if (code != 0) {
-       code = 0;
-       retval = GSS_S_BAD_SIG;
-       goto cleanup;
+        code = 0;
+        retval = GSS_S_BAD_SIG;
+        goto cleanup;
     }
 
     /*
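Review bot: Both checksum comparisons here (`memcmp(cksum.contents, ptr + 14, cksum.length)` and `memcmp(md5cksum.contents, ptr + 14, cksum_len)`) may stop at the first differing byte, so the time taken can depend on how much of the received checksum matches. For an integrity check on data from the peer, a comparison whose duration does not depend on the contents is preferable, e.g. `for (i = 0, diff = 0; i < cksum_len; i++) diff |= md5cksum.contents[i] ^ ptr[14 + i];` followed by a test of `diff`. `i` and `diff` would need declaring; the function's declarations are outside this hunk.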
@@ -271,35 +271,35 @@ kg_unseal_v1_iov(krb5_context context,
      * this and fixup the last data IOV appropriately.
      */
     if (toktype == KG_TOK_WRAP_MSG &&
-       (ctx->gss_flags & GSS_C_DCE_STYLE) == 0) {
-       retval = kg_fixup_padding_iov(&code, iov, iov_count);
-       if (retval != GSS_S_COMPLETE)
-           goto cleanup;
+        (ctx->gss_flags & GSS_C_DCE_STYLE) == 0) {
+        retval = kg_fixup_padding_iov(&code, iov, iov_count);
+        if (retval != GSS_S_COMPLETE)
+            goto cleanup;
     }
 
     if (conf_state != NULL)
-       *conf_state = (sealalg != 0xFFFF);
+        *conf_state = (sealalg != 0xFFFF);
 
     if (qop_state != NULL)
-       *qop_state = GSS_C_QOP_DEFAULT;
+        *qop_state = GSS_C_QOP_DEFAULT;
 
     code = krb5_timeofday(context, &now);
     if (code != 0) {
-       *minor_status = code;
-       retval = GSS_S_FAILURE;
-       goto cleanup;
+        *minor_status = code;
+        retval = GSS_S_FAILURE;
+        goto cleanup;
     }
 
     if (now > ctx->krb_times.endtime) {
-       *minor_status = 0;
-       retval = GSS_S_CONTEXT_EXPIRED;
-       goto cleanup;
+        *minor_status = 0;
+        retval = GSS_S_CONTEXT_EXPIRED;
+        goto cleanup;
     }
 
     if ((ctx->initiate && direction != 0xff) ||
-       (!ctx->initiate && direction != 0)) {
-       *minor_status = (OM_uint32)G_BAD_DIRECTION;
-       retval = GSS_S_BAD_SIG;
+        (!ctx->initiate && direction != 0)) {
+        *minor_status = (OM_uint32)G_BAD_DIRECTION;
+        retval = GSS_S_BAD_SIG;
     }
 
     code = 0;
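Review bot: The direction check is the only failure branch in this hunk that sets `retval` without a `goto cleanup`, so execution continues into `code = 0;` and whatever follows outside the hunk. If a later statement assigns `retval`, the `GSS_S_BAD_SIG` result is lost. Adding `goto cleanup;` after `retval = GSS_S_BAD_SIG;` would make it consistent with the expiry and padding branches above. In addition, `*conf_state` and `*qop_state` are written before the expiry and direction checks, so they are populated even for a token that is then rejected; moving those two stores below the checks avoids that. The function starts and ends outside this hunk.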
@@ -320,12 +320,12 @@ cleanup:
  */
 static OM_uint32
 kg_unseal_iov_token(OM_uint32 *minor_status,
-                   krb5_gss_ctx_id_rec *ctx,
-                   int *conf_state,
-                   gss_qop_t *qop_state,
-                   gss_iov_buffer_desc *iov,
-                   int iov_count,
-                   int toktype)
+                    krb5_gss_ctx_id_rec *ctx,
+                    int *conf_state,
+                    gss_qop_t *qop_state,
+                    gss_iov_buffer_desc *iov,
+                    int iov_count,
+                    int toktype)
 {
     krb5_error_code code;
     krb5_context context = ctx->k5_context;
@@ -340,8 +340,8 @@ kg_unseal_iov_token(OM_uint32 *minor_status,
 
     header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
     if (header == NULL) {
-       *minor_status = EINVAL;
-       return GSS_S_FAILURE;
+        *minor_status = EINVAL;
+        return GSS_S_FAILURE;
     }
 
     padding = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
@@ -351,33 +351,33 @@ kg_unseal_iov_token(OM_uint32 *minor_status,
     input_length = header->buffer.length;
 
     if ((ctx->gss_flags & GSS_C_DCE_STYLE) == 0) {
-       size_t data_length, assoc_data_length;
+        size_t data_length, assoc_data_length;
 
-       kg_iov_msglen(iov, iov_count, &data_length, &assoc_data_length);
+        kg_iov_msglen(iov, iov_count, &data_length, &assoc_data_length);
 
-       input_length += data_length - assoc_data_length;
+        input_length += data_length - assoc_data_length;
 
-       if (padding != NULL)
-           input_length += padding->buffer.length;
+        if (padding != NULL)
+            input_length += padding->buffer.length;
 
-       if (trailer != NULL)
-           input_length += trailer->buffer.length;
+        if (trailer != NULL)
+            input_length += trailer->buffer.length;
     }
 
     if (ctx->gss_flags & GSS_C_DCE_STYLE)
-       vfyflags |= G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE;
+        vfyflags |= G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE;
 
     code = g_verify_token_header(ctx->mech_used,
-                                &bodysize, &ptr, -1,
-                                input_length, 0);
+                                 &bodysize, &ptr, -1,
+                                 input_length, 0);
     if (code != 0) {
         *minor_status = code;
         return GSS_S_DEFECTIVE_TOKEN;
     }
 
     if (bodysize < 2) {
-       *minor_status = (OM_uint32)G_BAD_TOK_HEADER;
-       return GSS_S_DEFECTIVE_TOKEN;
+        *minor_status = (OM_uint32)G_BAD_TOK_HEADER;
+        return GSS_S_DEFECTIVE_TOKEN;
     }
 
     toktype2 = load_16_be(ptr);
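Review bot: `vfyflags` is given `G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE` for DCE-style contexts, but the call that follows passes a literal `0` as its last argument, so within this hunk the flag is never used. If that last parameter of g_verify_token_header() is the flags word (its prototype is not shown), the call presumably should end `input_length, vfyflags);`. Otherwise the assignment is dead code and should be removed. The function starts before this hunk and continues after it.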
@@ -389,24 +389,24 @@ kg_unseal_iov_token(OM_uint32 *minor_status,
     case KG2_TOK_MIC_MSG:
     case KG2_TOK_WRAP_MSG:
     case KG2_TOK_DEL_CTX:
-       code = gss_krb5int_unseal_v3_iov(context, minor_status, ctx, iov, iov_count,
-                                        conf_state, qop_state, toktype);
-       break;
+        code = gss_krb5int_unseal_v3_iov(context, minor_status, ctx, iov, iov_count,
+                                         conf_state, qop_state, toktype);
+        break;
     case KG_TOK_MIC_MSG:
     case KG_TOK_WRAP_MSG:
     case KG_TOK_DEL_CTX:
-       code = kg_unseal_v1_iov(context, minor_status, ctx, iov, iov_count,
-                               (size_t)(ptr - (unsigned char *)header->buffer.value),
-                               conf_state, qop_state, toktype);
-       break;
+        code = kg_unseal_v1_iov(context, minor_status, ctx, iov, iov_count,
+                                (size_t)(ptr - (unsigned char *)header->buffer.value),
+                                conf_state, qop_state, toktype);
+        break;
     default:
-       *minor_status = (OM_uint32)G_BAD_TOK_HEADER;
-       code = GSS_S_DEFECTIVE_TOKEN;
-       break;
+        *minor_status = (OM_uint32)G_BAD_TOK_HEADER;
+        code = GSS_S_DEFECTIVE_TOKEN;
+        break;
     }
 
     if (code != 0)
-       save_error_info(*minor_status, context);
+        save_error_info(*minor_status, context);
 
     return code;
 }
@@ -417,12 +417,12 @@ kg_unseal_iov_token(OM_uint32 *minor_status,
  */
 static OM_uint32
 kg_unseal_stream_iov(OM_uint32 *minor_status,
-                    krb5_gss_ctx_id_rec *ctx,
-                    int *conf_state,
-                    gss_qop_t *qop_state,
-                    gss_iov_buffer_desc *iov,
-                    int iov_count,
-                    int toktype)
+                     krb5_gss_ctx_id_rec *ctx,
+                     int *conf_state,
+                     gss_qop_t *qop_state,
+                     gss_iov_buffer_desc *iov,
+                     int iov_count,
+                     int toktype)
 {
     unsigned char *ptr;
     unsigned int bodysize;
@@ -437,8 +437,8 @@ kg_unseal_stream_iov(OM_uint32 *minor_status,
     assert(toktype == KG_TOK_WRAP_MSG);
 
     if (toktype != KG_TOK_WRAP_MSG || (ctx->gss_flags & GSS_C_DCE_STYLE)) {
-       code = EINVAL;
-       goto cleanup;
+        code = EINVAL;
+        goto cleanup;
     }
 
     stream = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_STREAM);
@@ -447,16 +447,16 @@ kg_unseal_stream_iov(OM_uint32 *minor_status,
     ptr = (unsigned char *)stream->buffer.value;
 
     code = g_verify_token_header(ctx->mech_used,
-                                &bodysize, &ptr, -1,
-                                stream->buffer.length, 0);
+                                 &bodysize, &ptr, -1,
+                                 stream->buffer.length, 0);
     if (code != 0) {
-       major_status = GSS_S_DEFECTIVE_TOKEN;
-       goto cleanup;
+        major_status = GSS_S_DEFECTIVE_TOKEN;
+        goto cleanup;
     }
 
     if (bodysize < 2) {
-       *minor_status = (OM_uint32)G_BAD_TOK_HEADER;
-       return GSS_S_DEFECTIVE_TOKEN;
+        *minor_status = (OM_uint32)G_BAD_TOK_HEADER;
+        return GSS_S_DEFECTIVE_TOKEN;
     }
 
     toktype2 = load_16_be(ptr);
@@ -466,8 +466,8 @@ kg_unseal_stream_iov(OM_uint32 *minor_status,
 
     tiov = (gss_iov_buffer_desc *)calloc((size_t)iov_count + 2, sizeof(gss_iov_buffer_desc));
     if (tiov == NULL) {
-       code = ENOMEM;
-       goto cleanup;
+        code = ENOMEM;
+        goto cleanup;
     }
 
     /* HEADER */
@@ -476,35 +476,35 @@ kg_unseal_stream_iov(OM_uint32 *minor_status,
     theader->buffer.value = stream->buffer.value;
     theader->buffer.length = ptr - (unsigned char *)stream->buffer.value;
     if (bodysize < 14 ||
-       stream->buffer.length != theader->buffer.length + bodysize) {
-       major_status = GSS_S_DEFECTIVE_TOKEN;
-       goto cleanup;
+        stream->buffer.length != theader->buffer.length + bodysize) {
+        major_status = GSS_S_DEFECTIVE_TOKEN;
+        goto cleanup;
     }
     theader->buffer.length += 14;
 
     /* n[SIGN_DATA] | DATA | m[SIGN_DATA] */
     for (j = 0; j < iov_count; j++) {
-       OM_uint32 type = GSS_IOV_BUFFER_TYPE(iov[j].type);
+        OM_uint32 type = GSS_IOV_BUFFER_TYPE(iov[j].type);
 
-       if (type == GSS_IOV_BUFFER_TYPE_DATA) {
-           if (data != NULL) {
-               /* only a single DATA buffer can appear */
-               code = EINVAL;
-               goto cleanup;
-           }
+        if (type == GSS_IOV_BUFFER_TYPE_DATA) {
+            if (data != NULL) {
+                /* only a single DATA buffer can appear */
+                code = EINVAL;
+                goto cleanup;
+            }
 
-           data = &iov[j];
-           tdata = &tiov[i];
-       }
-       if (type == GSS_IOV_BUFFER_TYPE_DATA ||
-           type == GSS_IOV_BUFFER_TYPE_SIGN_ONLY)
-           tiov[i++] = iov[j];
+            data = &iov[j];
+            tdata = &tiov[i];
+        }
+        if (type == GSS_IOV_BUFFER_TYPE_DATA ||
+            type == GSS_IOV_BUFFER_TYPE_SIGN_ONLY)
+            tiov[i++] = iov[j];
     }
 
     if (data == NULL) {
-       /* a single DATA buffer must be present */
-       code = EINVAL;
-       goto cleanup;
+        /* a single DATA buffer must be present */
+        code = EINVAL;
+        goto cleanup;
     }
 
     /* PADDING | TRAILER */
@@ -520,65 +520,65 @@ kg_unseal_stream_iov(OM_uint32 *minor_status,
     case KG2_TOK_MIC_MSG:
     case KG2_TOK_WRAP_MSG:
     case KG2_TOK_DEL_CTX: {
-       size_t ec, rrc;
-       krb5_enctype enctype = ctx->enc->enctype;
-       unsigned int k5_headerlen = 0;
-       unsigned int k5_trailerlen = 0;
-
-       conf_req_flag = ((ptr[0] & FLAG_WRAP_CONFIDENTIAL) != 0);
-       ec = conf_req_flag ? load_16_be(ptr + 2) : 0;
-       rrc = load_16_be(ptr + 4);
-
-       if (rrc != 0) {
-           if (!gss_krb5int_rotate_left((unsigned char *)stream->buffer.value + 16,
-                                        stream->buffer.length - 16, rrc)) {
-               code = ENOMEM;
-               goto cleanup;
-           }
-           store_16_be(0, ptr + 4); /* set RRC to zero */
-       }
-
-       if (conf_req_flag) {
-           code = krb5_c_crypto_length(context, enctype, KRB5_CRYPTO_TYPE_HEADER, &k5_headerlen);
-           if (code != 0)
-               goto cleanup;
-           theader->buffer.length += k5_headerlen; /* length validated later */
-       }
-
-       /* no PADDING for CFX, EC is used instead */
-       code = krb5_c_crypto_length(context, enctype,
-                                   conf_req_flag ? KRB5_CRYPTO_TYPE_TRAILER : KRB5_CRYPTO_TYPE_CHECKSUM,
-                                   &k5_trailerlen);
-       if (code != 0)
-           goto cleanup;
-
-       ttrailer->buffer.length = ec + (conf_req_flag ? 16 : 0 /* E(Header) */) + k5_trailerlen;
-       ttrailer->buffer.value = (unsigned char *)stream->buffer.value +
-                                stream->buffer.length - ttrailer->buffer.length;
-       break;
+        size_t ec, rrc;
+        krb5_enctype enctype = ctx->enc->enctype;
+        unsigned int k5_headerlen = 0;
+        unsigned int k5_trailerlen = 0;
+
+        conf_req_flag = ((ptr[0] & FLAG_WRAP_CONFIDENTIAL) != 0);
+        ec = conf_req_flag ? load_16_be(ptr + 2) : 0;
+        rrc = load_16_be(ptr + 4);
+
+        if (rrc != 0) {
+            if (!gss_krb5int_rotate_left((unsigned char *)stream->buffer.value + 16,
+                                         stream->buffer.length - 16, rrc)) {
+                code = ENOMEM;
+                goto cleanup;
+            }
+            store_16_be(0, ptr + 4); /* set RRC to zero */
+        }
+
+        if (conf_req_flag) {
+            code = krb5_c_crypto_length(context, enctype, KRB5_CRYPTO_TYPE_HEADER, &k5_headerlen);
+            if (code != 0)
+                goto cleanup;
+            theader->buffer.length += k5_headerlen; /* length validated later */
+        }
+
+        /* no PADDING for CFX, EC is used instead */
+        code = krb5_c_crypto_length(context, enctype,
+                                    conf_req_flag ? KRB5_CRYPTO_TYPE_TRAILER : KRB5_CRYPTO_TYPE_CHECKSUM,
+                                    &k5_trailerlen);
+        if (code != 0)
+            goto cleanup;
+
+        ttrailer->buffer.length = ec + (conf_req_flag ? 16 : 0 /* E(Header) */) + k5_trailerlen;
+        ttrailer->buffer.value = (unsigned char *)stream->buffer.value +
+                                 stream->buffer.length - ttrailer->buffer.length;
+        break;
     }
     case KG_TOK_MIC_MSG:
     case KG_TOK_WRAP_MSG:
     case KG_TOK_DEL_CTX:
-       theader->buffer.length += ctx->cksum_size + kg_confounder_size(context, ctx->enc);
+        theader->buffer.length += ctx->cksum_size + kg_confounder_size(context, ctx->enc);
 
-       /*
-        * we can't set the padding accurately until decryption;
-        * kg_fixup_padding_iov() will take care of this
-        */
-       tpadding->buffer.length = 1;
-       tpadding->buffer.value = (unsigned char *)stream->buffer.value + stream->buffer.length - 1;
+        /*
+         * we can't set the padding accurately until decryption;
+         * kg_fixup_padding_iov() will take care of this
+         */
+        tpadding->buffer.length = 1;
+        tpadding->buffer.value = (unsigned char *)stream->buffer.value + stream->buffer.length - 1;
 
-       /* no TRAILER for pre-CFX */
-       ttrailer->buffer.length = 0;
-       ttrailer->buffer.value = NULL;
+        /* no TRAILER for pre-CFX */
+        ttrailer->buffer.length = 0;
+        ttrailer->buffer.value = NULL;
 
-       break;
+        break;
     default:
-       code = (OM_uint32)G_BAD_TOK_HEADER;
-       major_status = GSS_S_DEFECTIVE_TOKEN;
-       goto cleanup;
-       break;
+        code = (OM_uint32)G_BAD_TOK_HEADER;
+        major_status = GSS_S_DEFECTIVE_TOKEN;
+        goto cleanup;
+        break;
     }
 
     /* IOV: -----------0-------------+---1---+--2--+----------------3--------------*/
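Review bot: In the CFX case the trailer pointer `ttrailer->buffer.value = ... + stream->buffer.length - ttrailer->buffer.length` is formed from `ec`, which is read straight from the token with `load_16_be(ptr + 2)`, before the "validate lengths" block in the next hunk has run. For a token whose EC plus trailer length exceeds the stream length, this computes a pointer in front of the buffer, which is undefined even though the later check rejects the token before anything dereferences it. Testing `ttrailer->buffer.length > stream->buffer.length` first, and failing with the same KRB5_BAD_MSIZE / GSS_S_DEFECTIVE_TOKEN pair, keeps the arithmetic in bounds. The `stream->buffer.length - 16` passed to `gss_krb5int_rotate_left` likewise relies on a minimum length established outside this hunk, where the function body begins, and deserves a comment naming that guarantee.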
@@ -588,45 +588,45 @@ kg_unseal_stream_iov(OM_uint32 *minor_status,
 
     /* validate lengths */
     if (stream->buffer.length < theader->buffer.length +
-                               tpadding->buffer.length +
-                               ttrailer->buffer.length)
+                                tpadding->buffer.length +
+                                ttrailer->buffer.length)
     {
-       code = (OM_uint32)KRB5_BAD_MSIZE;
-       major_status = GSS_S_DEFECTIVE_TOKEN;
-       goto cleanup;
+        code = (OM_uint32)KRB5_BAD_MSIZE;
+        major_status = GSS_S_DEFECTIVE_TOKEN;
+        goto cleanup;
     }
 
     /* setup data */
     tdata->buffer.length = stream->buffer.length - ttrailer->buffer.length -
-                          tpadding->buffer.length - theader->buffer.length;
+                           tpadding->buffer.length - theader->buffer.length;
 
     assert(data != NULL);
 
     if (data->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) {
-       code = kg_allocate_iov(tdata, tdata->buffer.length);
-       if (code != 0)
-           goto cleanup;
-       memcpy(tdata->buffer.value,
-              (unsigned char *)stream->buffer.value + theader->buffer.length, tdata->buffer.length);
+        code = kg_allocate_iov(tdata, tdata->buffer.length);
+        if (code != 0)
+            goto cleanup;
+        memcpy(tdata->buffer.value,
+               (unsigned char *)stream->buffer.value + theader->buffer.length, tdata->buffer.length);
     } else
-       tdata->buffer.value = (unsigned char *)stream->buffer.value + theader->buffer.length;
+        tdata->buffer.value = (unsigned char *)stream->buffer.value + theader->buffer.length;
 
     assert(i <= iov_count + 2);
 
     major_status = kg_unseal_iov_token(&code, ctx, conf_state, qop_state,
-                                      tiov, i, toktype);
+                                       tiov, i, toktype);
     if (major_status == GSS_S_COMPLETE)
-       *data = *tdata;
+        *data = *tdata;
     else if (tdata->type & GSS_IOV_BUFFER_FLAG_ALLOCATED) {
-       OM_uint32 tmp;
+        OM_uint32 tmp;
 
-       gss_release_buffer(&tmp, &tdata->buffer);
-       tdata->type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED);
+        gss_release_buffer(&tmp, &tdata->buffer);
+        tdata->type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED);
     }
 
 cleanup:
     if (tiov != NULL)
-       free(tiov);
+        free(tiov);
 
     *minor_status = code;
 
@@ -635,35 +635,34 @@ cleanup:
 
 OM_uint32
 kg_unseal_iov(OM_uint32 *minor_status,
-             gss_ctx_id_t context_handle,
-             int *conf_state,
-             gss_qop_t *qop_state,
-             gss_iov_buffer_desc *iov,
-             int iov_count,
-             int toktype)
+              gss_ctx_id_t context_handle,
+              int *conf_state,
+              gss_qop_t *qop_state,
+              gss_iov_buffer_desc *iov,
+              int iov_count,
+              int toktype)
 {
     krb5_gss_ctx_id_rec *ctx;
     OM_uint32 code;
 
     if (!kg_validate_ctx_id(context_handle)) {
-       *minor_status = (OM_uint32)G_VALIDATE_FAILED;
-       return GSS_S_NO_CONTEXT;
+        *minor_status = (OM_uint32)G_VALIDATE_FAILED;
+        return GSS_S_NO_CONTEXT;
     }
 
     ctx = (krb5_gss_ctx_id_rec *)context_handle;
     if (!ctx->established) {
-       *minor_status = KG_CTX_INCOMPLETE;
-       return GSS_S_NO_CONTEXT;
+        *minor_status = KG_CTX_INCOMPLETE;
+        return GSS_S_NO_CONTEXT;
     }
 
     if (kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_STREAM) != NULL) {
-       code = kg_unseal_stream_iov(minor_status, ctx, conf_state, qop_state,
-                                   iov, iov_count, toktype);
+        code = kg_unseal_stream_iov(minor_status, ctx, conf_state, qop_state,
+                                    iov, iov_count, toktype);
     } else {
-       code = kg_unseal_iov_token(minor_status, ctx, conf_state, qop_state,
-                                  iov, iov_count, toktype);
+        code = kg_unseal_iov_token(minor_status, ctx, conf_state, qop_state,
+                                   iov, iov_count, toktype);
     }
 
     return code;
 }
-
index 5b7cbdf21c0d9eda0553915aa2e8b8af6847a22b..20e9d7fd653e4fd00638ea48000340436534a29b 100644 (file)
@@ -61,26 +61,26 @@ gss_krb5_get_tkt_flags(
     krb5_flags *ticket_flags)
 {
     static const gss_OID_desc const req_oid = {
-       GSS_KRB5_GET_TKT_FLAGS_OID_LENGTH,
-       GSS_KRB5_GET_TKT_FLAGS_OID };
+        GSS_KRB5_GET_TKT_FLAGS_OID_LENGTH,
+        GSS_KRB5_GET_TKT_FLAGS_OID };
     OM_uint32 major_status;
     gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
 
     if (ticket_flags == NULL)
-       return GSS_S_CALL_INACCESSIBLE_WRITE;
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
 
     major_status = gss_inquire_sec_context_by_oid(minor_status,
-                                                 context_handle,
-                                                 (const gss_OID)&req_oid,
-                                                 &data_set);
+                                                  context_handle,
+                                                  (const gss_OID)&req_oid,
+                                                  &data_set);
     if (major_status != GSS_S_COMPLETE)
-       return major_status;
+        return major_status;
 
     if (data_set == GSS_C_NO_BUFFER_SET ||
         data_set->count != 1 ||
-       data_set->elements[0].length != sizeof(*ticket_flags)) {
-       *minor_status = EINVAL;
-       return GSS_S_FAILURE;
+        data_set->elements[0].length != sizeof(*ticket_flags)) {
+        *minor_status = EINVAL;
+        return GSS_S_FAILURE;
     }
 
     *ticket_flags = *((krb5_flags *)data_set->elements[0].value);
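Review bot: The `EINVAL` / `GSS_S_FAILURE` return in gss_krb5_get_tkt_flags exits without releasing `data_set` when a set was returned but has the wrong count or element length, so each malformed reply leaks the buffer set. Releasing it on that path with `gss_release_buffer_set(&tmp_minor, &data_set);`, using a local `OM_uint32 tmp_minor` so that `*minor_status` keeps `EINVAL`, closes the leak; the success-path release is presumably after the end of this hunk. The same early return appears in gss_krb5_export_lucid_sec_context, gsskrb5_extract_authz_data_from_sec_context and gsskrb5_extract_authtime_from_sec_context further down. The copy through `(krb5_flags *)data_set->elements[0].value` also assumes the element is suitably aligned; `memcpy(ticket_flags, data_set->elements[0].value, sizeof(*ticket_flags));` avoids relying on that.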
@@ -99,21 +99,21 @@ gss_krb5_copy_ccache(
     krb5_ccache out_ccache)
 {
     static const gss_OID_desc const req_oid = {
-       GSS_KRB5_COPY_CCACHE_OID_LENGTH,
-       GSS_KRB5_COPY_CCACHE_OID };
+        GSS_KRB5_COPY_CCACHE_OID_LENGTH,
+        GSS_KRB5_COPY_CCACHE_OID };
     OM_uint32 major_status;
     gss_buffer_desc req_buffer;
 
     if (out_ccache == NULL)
-       return GSS_S_CALL_INACCESSIBLE_WRITE;
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
 
     req_buffer.value = out_ccache;
     req_buffer.length = sizeof(out_ccache);
 
     major_status = gssspi_set_cred_option(minor_status,
-                                         cred_handle,
-                                         (const gss_OID)&req_oid,
-                                         &req_buffer);
+                                          cred_handle,
+                                          (const gss_OID)&req_oid,
+                                          &req_buffer);
 
     return major_status;
 }
@@ -131,7 +131,7 @@ gss_krb5_export_lucid_sec_context(
     gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
 
     if (kctx == NULL)
-       return GSS_S_CALL_INACCESSIBLE_WRITE;
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
 
     *kctx = NULL;
 
@@ -139,25 +139,25 @@ gss_krb5_export_lucid_sec_context(
     req_oid.length = sizeof(oid_buf);
 
     major_status = generic_gss_oid_compose(minor_status,
-                                          GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID,
-                                          GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH,
-                                          (int)version,
-                                          &req_oid);
+                                           GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID,
+                                           GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH,
+                                           (int)version,
+                                           &req_oid);
     if (GSS_ERROR(major_status))
-       return major_status;
+        return major_status;
 
     major_status = gss_inquire_sec_context_by_oid(minor_status,
-                                                 *context_handle,
-                                                 &req_oid,
-                                                 &data_set);
+                                                  *context_handle,
+                                                  &req_oid,
+                                                  &data_set);
     if (GSS_ERROR(major_status))
-       return major_status;
+        return major_status;
 
     if (data_set == GSS_C_NO_BUFFER_SET ||
         data_set->count != 1 ||
-       data_set->elements[0].length != sizeof(void *)) {
-       *minor_status = EINVAL;
-       return GSS_S_FAILURE;
+        data_set->elements[0].length != sizeof(void *)) {
+        *minor_status = EINVAL;
+        return GSS_S_FAILURE;
     }
 
     *kctx = *((void **)data_set->elements[0].value);
@@ -181,12 +181,12 @@ gss_krb5_set_allowable_enctypes(
     krb5_enctype *ktypes)
 {
     static const gss_OID_desc const req_oid = {
-       GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID_LENGTH,
-       GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID };
+        GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID_LENGTH,
+        GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID };
     OM_uint32 major_status;
     struct krb5_gss_set_allowable_enctypes_req req;
     gss_buffer_desc req_buffer;
-    
+
     req.num_ktypes = num_ktypes;
     req.ktypes = ktypes;
 
@@ -194,9 +194,9 @@ gss_krb5_set_allowable_enctypes(
     req_buffer.value = &req;
 
     major_status = gssspi_set_cred_option(minor_status,
-                                         cred,
-                                         (const gss_OID)&req_oid,
-                                         &req_buffer);
+                                          cred,
+                                          (const gss_OID)&req_oid,
+                                          &req_buffer);
 
     return major_status;
 }
@@ -208,8 +208,8 @@ gss_krb5_ccache_name(
     const char **out_name)
 {
     static const gss_OID_desc const req_oid = {
-       GSS_KRB5_CCACHE_NAME_OID_LENGTH,
-       GSS_KRB5_CCACHE_NAME_OID };
+        GSS_KRB5_CCACHE_NAME_OID_LENGTH,
+        GSS_KRB5_CCACHE_NAME_OID };
     OM_uint32 major_status;
     struct krb5_gss_ccache_name_req req;
     gss_buffer_desc req_buffer;
@@ -221,11 +221,11 @@ gss_krb5_ccache_name(
     req_buffer.value = &req;
 
     major_status = gssspi_mech_invoke(minor_status,
-                                     (const gss_OID)gss_mech_krb5,
-                                     (const gss_OID)&req_oid,
-                                     &req_buffer);
+                                      (const gss_OID)gss_mech_krb5,
+                                      (const gss_OID)&req_oid,
+                                      &req_buffer);
 
-    return major_status;    
+    return major_status;
 }
 
 OM_uint32 KRB5_CALLCONV
@@ -234,8 +234,8 @@ gss_krb5_free_lucid_sec_context(
     void *kctx)
 {
     static const gss_OID_desc const req_oid = {
-       GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH,
-       GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID };
+        GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH,
+        GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID };
     OM_uint32 major_status;
     gss_buffer_desc req_buffer;
 
@@ -243,19 +243,19 @@ gss_krb5_free_lucid_sec_context(
     req_buffer.value = kctx;
 
     major_status = gssspi_mech_invoke(minor_status,
-                                     (const gss_OID)gss_mech_krb5,
-                                     (const gss_OID)&req_oid,
-                                     &req_buffer);
+                                      (const gss_OID)gss_mech_krb5,
+                                      (const gss_OID)&req_oid,
+                                      &req_buffer);
 
-    return major_status;    
+    return major_status;
 }
 
 OM_uint32 KRB5_CALLCONV
 krb5_gss_register_acceptor_identity(const char *keytab)
 {
     static const gss_OID_desc const req_oid = {
-       GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH,
-       GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID };
+        GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH,
+        GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID };
     OM_uint32 major_status;
     OM_uint32 minor_status;
     gss_buffer_desc req_buffer;
@@ -264,19 +264,19 @@ krb5_gss_register_acceptor_identity(const char *keytab)
     req_buffer.value = (char *)keytab;
 
     major_status = gssspi_mech_invoke(&minor_status,
-                                     (const gss_OID)gss_mech_krb5,
-                                     (const gss_OID)&req_oid,
-                                     &req_buffer);
+                                      (const gss_OID)gss_mech_krb5,
+                                      (const gss_OID)&req_oid,
+                                      &req_buffer);
 
-    return major_status;    
+    return major_status;
 }
 
 krb5_error_code
 krb5_gss_use_kdc_context(void)
 {
     static const gss_OID_desc const req_oid = {
-       GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH,
-       GSS_KRB5_USE_KDC_CONTEXT_OID };
+        GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH,
+        GSS_KRB5_USE_KDC_CONTEXT_OID };
     OM_uint32 major_status;
     OM_uint32 minor_status;
     gss_buffer_desc req_buffer;
@@ -285,9 +285,9 @@ krb5_gss_use_kdc_context(void)
     req_buffer.value = NULL;
 
     major_status = gssspi_mech_invoke(&minor_status,
-                                     (const gss_OID)gss_mech_krb5,
-                                     (const gss_OID)&req_oid,
-                                     &req_buffer);
+                                      (const gss_OID)gss_mech_krb5,
+                                      (const gss_OID)&req_oid,
+                                      &req_buffer);
 
     return major_status;    
 }
@@ -309,30 +309,30 @@ gsskrb5_extract_authz_data_from_sec_context(
     gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
 
     if (ad_data == NULL)
-       return GSS_S_CALL_INACCESSIBLE_WRITE;
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
 
     req_oid.elements = oid_buf;
     req_oid.length = sizeof(oid_buf);
 
     major_status = generic_gss_oid_compose(minor_status,
-                                          GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID,
-                                          GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH,
-                                          ad_type,
-                                          &req_oid);
+                                           GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID,
+                                           GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH,
+                                           ad_type,
+                                           &req_oid);
     if (GSS_ERROR(major_status))
-       return major_status;
+        return major_status;
 
     major_status = gss_inquire_sec_context_by_oid(minor_status,
-                                                 context_handle,
-                                                 (const gss_OID)&req_oid,
-                                                 &data_set);
+                                                  context_handle,
+                                                  (const gss_OID)&req_oid,
+                                                  &data_set);
     if (major_status != GSS_S_COMPLETE) {
-       return major_status;
+        return major_status;
     }
 
     if (data_set == GSS_C_NO_BUFFER_SET ||
-       data_set->count != 1) {
-       return GSS_S_FAILURE;
+        data_set->count != 1) {
+        return GSS_S_FAILURE;
     }
 
     ad_data->length = data_set->elements[0].length;
@@ -355,48 +355,48 @@ gss_krb5_set_cred_rcache(
     krb5_rcache rcache)
 {
     static const gss_OID_desc const req_oid = {
-       GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH,
-       GSS_KRB5_SET_CRED_RCACHE_OID };
+        GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH,
+        GSS_KRB5_SET_CRED_RCACHE_OID };
     OM_uint32 major_status;
     gss_buffer_desc req_buffer;
-    
+
     req_buffer.length = sizeof(rcache);
     req_buffer.value = rcache;
 
     major_status = gssspi_set_cred_option(minor_status,
-                                         cred,
-                                         (const gss_OID)&req_oid,
-                                         &req_buffer);
+                                          cred,
+                                          (const gss_OID)&req_oid,
+                                          &req_buffer);
 
     return major_status;
 }
 
 OM_uint32 KRB5_CALLCONV
 gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
-                                         gss_ctx_id_t context_handle,
-                                         krb5_timestamp *authtime)
+                                          gss_ctx_id_t context_handle,
+                                          krb5_timestamp *authtime)
 {
     static const gss_OID_desc const req_oid = {
-       GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH,
-       GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID };
+        GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH,
+        GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID };
     OM_uint32 major_status;
     gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
 
     if (authtime == NULL)
-       return GSS_S_CALL_INACCESSIBLE_WRITE;
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
 
     major_status = gss_inquire_sec_context_by_oid(minor_status,
-                                                 context_handle,
-                                                 (const gss_OID)&req_oid,
-                                                 &data_set);
+                                                  context_handle,
+                                                  (const gss_OID)&req_oid,
+                                                  &data_set);
     if (major_status != GSS_S_COMPLETE)
-       return major_status;
+        return major_status;
 
     if (data_set == GSS_C_NO_BUFFER_SET ||
         data_set->count != 1 ||
-       data_set->elements[0].length != sizeof(*authtime)) {
-       *minor_status = EINVAL;
-       return GSS_S_FAILURE;
+        data_set->elements[0].length != sizeof(*authtime)) {
+        *minor_status = EINVAL;
+        return GSS_S_FAILURE;
     }
 
     *authtime = *((krb5_timestamp *)data_set->elements[0].value);
@@ -407,4 +407,3 @@ gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
 
     return GSS_S_COMPLETE;
 }
-
index b66fe5c7b5f65692516abe3d5f7638b165478d7c..32b0e13f72ba313db4438b77812ac8f2c58bcd54 100644 (file)
@@ -64,15 +64,15 @@ OM_uint32 KRB5_CALLCONV
 gss_krb5int_export_lucid_sec_context(
     OM_uint32           *minor_status,
     gss_ctx_id_t        context_handle,
-    const gss_OID      desired_object,
-    gss_buffer_set_t   *data_set)
+    const gss_OID       desired_object,
+    gss_buffer_set_t    *data_set)
 {
     krb5_error_code     kret = 0;
     OM_uint32           retval;
     krb5_gss_ctx_id_t   ctx = (krb5_gss_ctx_id_t)context_handle;
     void                *lctx = NULL;
-    int                        version = 0;
-    gss_buffer_desc    rep;
+    int                 version = 0;
+    gss_buffer_desc     rep;
 
     /* Assume failure */
     retval = GSS_S_FAILURE;
@@ -80,12 +80,12 @@ gss_krb5int_export_lucid_sec_context(
     *data_set = GSS_C_NO_BUFFER_SET;
 
     retval = generic_gss_oid_decompose(minor_status,
-                                      GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID,
-                                      GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH,
-                                      desired_object,
-                                      &version);
+                                       GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID,
+                                       GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH,
+                                       desired_object,
+                                       &version);
     if (GSS_ERROR(retval))
-       return retval;
+        return retval;
 
     /* Externalize a structure of the right version */
     switch (version) {
@@ -112,7 +112,7 @@ gss_krb5int_export_lucid_sec_context(
 
     retval = generic_gss_add_buffer_set_member(minor_status, &rep, data_set);
     if (GSS_ERROR(retval))
-       goto error_out;
+        goto error_out;
 
 error_out:
     if (*minor_status == 0)
@@ -134,7 +134,7 @@ gss_krb5int_free_lucid_sec_context(
     OM_uint32           retval;
     krb5_error_code     kret = 0;
     int                 version;
-    void               *kctx;
+    void                *kctx;
 
     /* Assume failure */
     retval = GSS_S_FAILURE;
index 7265193b3b7247650abfa366d736fc348c4b2a60..d84e2eecfc00865e71fa192fae372381751842c5 100644 (file)
@@ -48,35 +48,35 @@ krb5_gss_wrap(minor_status, context_handle, conf_req_flag,
 /* AEAD interfaces */
 OM_uint32
 krb5_gss_wrap_iov(OM_uint32 *minor_status,
-                 gss_ctx_id_t context_handle,
-                 int conf_req_flag,
-                 gss_qop_t qop_req,
-                 int *conf_state,
-                 gss_iov_buffer_desc *iov,
-                 int iov_count)
+                  gss_ctx_id_t context_handle,
+                  int conf_req_flag,
+                  gss_qop_t qop_req,
+                  int *conf_state,
+                  gss_iov_buffer_desc *iov,
+                  int iov_count)
 {
     OM_uint32 major_status;
 
     major_status = kg_seal_iov(minor_status, context_handle, conf_req_flag,
-                              qop_req, conf_state,
-                              iov, iov_count, KG_TOK_WRAP_MSG);
+                               qop_req, conf_state,
+                               iov, iov_count, KG_TOK_WRAP_MSG);
 
     return major_status;
 }
 
 OM_uint32
 krb5_gss_wrap_iov_length(OM_uint32 *minor_status,
-                        gss_ctx_id_t context_handle,
-                        int conf_req_flag,
-                        gss_qop_t qop_req,
-                        int *conf_state,
-                        gss_iov_buffer_desc *iov,
-                        int iov_count)
+                         gss_ctx_id_t context_handle,
+                         int conf_req_flag,
+                         gss_qop_t qop_req,
+                         int *conf_state,
+                         gss_iov_buffer_desc *iov,
+                         int iov_count)
 {
     OM_uint32 major_status;
 
     major_status = kg_seal_iov_length(minor_status, context_handle, conf_req_flag,
-                                     qop_req, conf_state, iov, iov_count);
+                                      qop_req, conf_state, iov, iov_count);
     return major_status;
 }
 
index 20cc6f9dd0f4c45636e791826360bf10167ca830..60ea9058cbf4891b1ea98f1d1bcb731406b15fcf 100644 (file)
@@ -342,16 +342,16 @@ kg_ctx_size(kcontext, arg, sizep)
                                     KV5M_KEYBLOCK,
                                     (krb5_pointer) ctx->acceptor_subkey,
                                     &required);
-       if (!kret && ctx->authdata) {
-           krb5_int32 i;
-
-           for (i = 0; !kret && ctx->authdata[i]; i++) {
-               kret = krb5_size_opaque(kcontext,
-                                       KV5M_AUTHDATA,
-                                       (krb5_pointer)ctx->authdata[i],
-                                       &required);
-           }
-       }
+        if (!kret && ctx->authdata) {
+            krb5_int32 i;
+
+            for (i = 0; !kret && ctx->authdata[i]; i++) {
+                kret = krb5_size_opaque(kcontext,
+                                        KV5M_AUTHDATA,
+                                        (krb5_pointer)ctx->authdata[i],
+                                        &required);
+            }
+        }
         if (!kret)
             *sizep += required;
     }
@@ -498,25 +498,25 @@ kg_ctx_externalize(kcontext, arg, buffer, lenremain)
             if (!kret)
                 kret = krb5_ser_pack_int32((krb5_int32) ctx->cred_rcache,
                                            &bp, &remain);
-           if (!kret) {
-               krb5_int32 i = 0;
-
-               if (ctx->authdata) {
-                   for (; ctx->authdata[i]; i++)
-                       ;
-               }
-               /* authdata count */
-               kret = krb5_ser_pack_int32(i, &bp, &remain);
-               if (!kret && ctx->authdata) {
-                   /* authdata */
-                   for (i = 0; !kret && ctx->authdata[i]; i++)
-                       kret = krb5_externalize_opaque(kcontext,
-                                                      KV5M_AUTHDATA,
-                                                      ctx->authdata[i],
-                                                      &bp,
-                                                      &remain);
-               }
-           }
+            if (!kret) {
+                krb5_int32 i = 0;
+
+                if (ctx->authdata) {
+                    for (; ctx->authdata[i]; i++)
+                        ;
+                }
+                /* authdata count */
+                kret = krb5_ser_pack_int32(i, &bp, &remain);
+                if (!kret && ctx->authdata) {
+                    /* authdata */
+                    for (i = 0; !kret && ctx->authdata[i]; i++)
+                        kret = krb5_externalize_opaque(kcontext,
+                                                       KV5M_AUTHDATA,
+                                                       ctx->authdata[i],
+                                                       &bp,
+                                                       &remain);
+                }
+            }
             /* trailer */
             if (!kret)
                 kret = krb5_ser_pack_int32(KG_CONTEXT, &bp, &remain);
@@ -697,27 +697,27 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain)
             if (!kret)
                 kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
             ctx->cred_rcache = ibuf;
-           /* authdata */
+            /* authdata */
             if (!kret)
                 kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-           if (!kret) {
-               krb5_int32 nadata = ibuf, i;
-
-               if (nadata > 0) {
-                   ctx->authdata = (krb5_authdata **)calloc((size_t)nadata + 1,
-                                                            sizeof(krb5_authdata *));
-                   if (ctx->authdata == NULL) {
-                       kret = ENOMEM;
-                   } else {
-                       for (i = 0; !kret && i < nadata; i++)
-                           kret = krb5_internalize_opaque(kcontext,
-                                                          KV5M_AUTHDATA,
-                                                          (krb5_pointer *)&ctx->authdata[i],
-                                                          &bp,
-                                                          &remain);
-                   }
-               }
-           }
+            if (!kret) {
+                krb5_int32 nadata = ibuf, i;
+
+                if (nadata > 0) {
+                    ctx->authdata = (krb5_authdata **)calloc((size_t)nadata + 1,
+                                                             sizeof(krb5_authdata *));
+                    if (ctx->authdata == NULL) {
+                        kret = ENOMEM;
+                    } else {
+                        for (i = 0; !kret && i < nadata; i++)
+                            kret = krb5_internalize_opaque(kcontext,
+                                                           KV5M_AUTHDATA,
+                                                           (krb5_pointer *)&ctx->authdata[i],
+                                                           &bp,
+                                                           &remain);
+                    }
+                }
+            }
             /* Get trailer */
             if (!kret)
                 kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
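Review bot: `nadata` comes from the serialized context and sizes the `calloc` directly; only `nadata > 0` is checked, so a large count forces a correspondingly large allocation before a single element has been parsed, and a negative count is silently accepted as "no authdata". Bounding it against the bytes still available, for example `if (nadata < 0 || (size_t)nadata > remain) kret = EINVAL;`, rejects such input early; this assumes each serialized element occupies at least one byte, and the error should be whichever one this function returns for malformed input. `ctx->cred_rcache = ibuf;` just above the authdata comment is also assigned when the preceding unpack failed. kg_ctx_internalize begins and ends outside this hunk, so whether a partially filled `ctx->authdata` is freed on error cannot be seen here.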
index 883eb97e569e3b4658ba4ed5a914a7068bc54dc7..273182637dbf57564b6ab270f2e8af291c0cb404 100644 (file)
@@ -33,9 +33,9 @@
 
 OM_uint32 KRB5_CALLCONV
 gss_krb5int_ccache_name(OM_uint32 *minor_status,
-                       const gss_OID desired_mech,
-                       const gss_OID desired_object,
-                       gss_buffer_t value)
+                        const gss_OID desired_mech,
+                        const gss_OID desired_object,
+                        gss_buffer_t value)
 {
     char *old_name = NULL;
     OM_uint32 err = 0;
@@ -52,7 +52,7 @@ gss_krb5int_ccache_name(OM_uint32 *minor_status,
     assert(value->length == sizeof(*req));
 
     if (value->length != sizeof(*req))
-       return GSS_S_FAILURE;
+        return GSS_S_FAILURE;
 
     req = (struct krb5_gss_ccache_name_req *)value->value;
 
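Review bot: The `assert(value->length == sizeof(*req))` directly above the length check means a mis-sized `value` aborts the process in any build with assertions enabled, so the graceful `return GSS_S_FAILURE;` is only reachable under NDEBUG. `value` is a caller-supplied buffer, so I would drop the assert and keep only the runtime check. If `*minor_status` has not been set earlier in the function (those lines are outside the hunk), set it before this return so the caller does not read a stale value. The function body continues outside the hunk.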
index 2d047206cfa7c62607728478c1776bc95a26716f..069768c74bd434c226e5428126f5a8b167ccf9ef 100644 (file)
@@ -45,33 +45,33 @@ krb5_gss_get_mic(minor_status, context_handle, qop_req,
 #if 0
 OM_uint32
 krb5_gss_get_mic_iov(OM_uint32 *minor_status,
-                    gss_ctx_id_t context_handle,
-                    gss_qop_t qop_req,
-                    gss_iov_buffer_desc *iov,
-                    int iov_count)
+                     gss_ctx_id_t context_handle,
+                     gss_qop_t qop_req,
+                     gss_iov_buffer_desc *iov,
+                     int iov_count)
 {
     OM_uint32 major_status;
 
     major_status = kg_seal_iov(minor_status, context_handle, FALSE,
-                              qop_req, NULL,
-                              iov, iov_count, KG_TOK_MIC_MSG);
+                               qop_req, NULL,
+                               iov, iov_count, KG_TOK_MIC_MSG);
 
     return major_status;
 }
 
 OM_uint32
 krb5_gss_get_mic_iov_length(OM_uint32 *minor_status,
-                           gss_ctx_id_t context_handle,
-                           int conf_req_flag,
-                           gss_qop_t qop_req,
-                           int *conf_state,
-                           gss_iov_buffer_desc *iov,
-                           int iov_count)
+                            gss_ctx_id_t context_handle,
+                            int conf_req_flag,
+                            gss_qop_t qop_req,
+                            int *conf_state,
+                            gss_iov_buffer_desc *iov,
+                            int iov_count)
 {
     OM_uint32 major_status;
 
     major_status = kg_seal_iov_length(minor_status, context_handle, conf_req_flag,
-                                     qop_req, conf_state, iov, iov_count);
+                                      qop_req, conf_state, iov, iov_count);
     return major_status;
 }
 #endif
index 82764a9939462fa1361558b90fdaaba70cd83830..5366effc10679a9267f5703540edeecb1ba4d7d0 100644 (file)
@@ -50,17 +50,17 @@ krb5_gss_unwrap(minor_status, context_handle,
 /* AEAD interface */
 OM_uint32
 krb5_gss_unwrap_iov(OM_uint32 *minor_status,
-                   gss_ctx_id_t context_handle,
-                   int *conf_state,
-                   gss_qop_t *qop_state,
-                   gss_iov_buffer_desc *iov,
-                   int iov_count)
+                    gss_ctx_id_t context_handle,
+                    int *conf_state,
+                    gss_qop_t *qop_state,
+                    gss_iov_buffer_desc *iov,
+                    int iov_count)
 {
     OM_uint32 major_status;
 
     major_status = kg_unseal_iov(minor_status, context_handle,
-                                conf_state, qop_state,
-                                iov, iov_count, KG_TOK_WRAP_MSG);
+                                 conf_state, qop_state,
+                                 iov, iov_count, KG_TOK_WRAP_MSG);
 
     return major_status;
 }
index 8dcf75129296d0ad9b4de3d5ae8611474f30ca7e..fc6c849c95c63e7551958753ef2d1c8a199ea641 100644 (file)
@@ -110,15 +110,15 @@ cleanup:
 
 krb5_error_code
 kg_make_checksum_iov_v1(krb5_context context,
-                       krb5_cksumtype type,
-                       size_t cksum_len,
-                       krb5_keyblock *seq,
-                       krb5_keyblock *enc,
-                       krb5_keyusage sign_usage,
-                       gss_iov_buffer_desc *iov,
-                       int iov_count,
-                       int toktype,
-                       krb5_checksum *checksum)
+                        krb5_cksumtype type,
+                        size_t cksum_len,
+                        krb5_keyblock *seq,
+                        krb5_keyblock *enc,
+                        krb5_keyusage sign_usage,
+                        gss_iov_buffer_desc *iov,
+                        int iov_count,
+                        int toktype,
+                        krb5_checksum *checksum)
 {
     krb5_error_code code;
     gss_iov_buffer_desc *header;
@@ -133,19 +133,19 @@ kg_make_checksum_iov_v1(krb5_context context,
     kiov_count = 3 + iov_count;
     kiov = (krb5_crypto_iov *)xmalloc(kiov_count * sizeof(krb5_crypto_iov));
     if (kiov == NULL)
-       return ENOMEM;
+        return ENOMEM;
 
     /* Checksum over ( Header | Confounder | Data | Pad ) */
     if (toktype == KG_TOK_WRAP_MSG)
-       conf_len = kg_confounder_size(context, (krb5_keyblock *)enc);
+        conf_len = kg_confounder_size(context, (krb5_keyblock *)enc);
 
     /* Checksum output */
     kiov[i].flags = KRB5_CRYPTO_TYPE_CHECKSUM;
     kiov[i].data.length = checksum->length;
     kiov[i].data.data = xmalloc(checksum->length);
     if (kiov[i].data.data == NULL) {
-       xfree(kiov);
-       return ENOMEM;
+        xfree(kiov);
+        return ENOMEM;
     }
     i++;
 
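Review bot: `conf_len = kg_confounder_size(context, (krb5_keyblock *)enc);` is used without testing for the failure return, while `kg_make_confounder` elsewhere in this commit rejects a negative result with `KRB5_BAD_MSIZE`. In the next hunk the value positions the confounder slice (`header->buffer.value + header->buffer.length - conf_len`), so a failure would yield a pointer outside the header buffer. The declaration of `conf_len` is outside the hunk; if it is unsigned, take the result in an `int n` first and add `if (n < 0) { xfree(kiov); return KRB5_BAD_MSIZE; }` before assigning it. No check that `header->buffer.length >= conf_len` is visible in this function either, unlike the one in `kg_translate_iov_v1`.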
@@ -160,25 +160,25 @@ kg_make_checksum_iov_v1(krb5_context context,
 
     /* Confounder */
     if (toktype == KG_TOK_WRAP_MSG) {
-       kiov[i].flags = KRB5_CRYPTO_TYPE_DATA;
-       kiov[i].data.length = conf_len;
-       kiov[i].data.data = (char *)header->buffer.value + header->buffer.length - conf_len;
-       i++;
+        kiov[i].flags = KRB5_CRYPTO_TYPE_DATA;
+        kiov[i].data.length = conf_len;
+        kiov[i].data.data = (char *)header->buffer.value + header->buffer.length - conf_len;
+        i++;
     }
 
     for (j = 0; j < iov_count; j++) {
-       kiov[i].flags = kg_translate_flag_iov(iov[j].type);
-       kiov[i].data.length = iov[j].buffer.length;
-       kiov[i].data.data = (char *)iov[j].buffer.value;
-       i++;
+        kiov[i].flags = kg_translate_flag_iov(iov[j].type);
+        kiov[i].data.length = iov[j].buffer.length;
+        kiov[i].data.data = (char *)iov[j].buffer.value;
+        i++;
     }
 
     code = krb5_c_make_checksum_iov(context, type, seq, sign_usage, kiov, kiov_count);
     if (code == 0) {
-       checksum->length = kiov[0].data.length;
-       checksum->contents = (unsigned char *)kiov[0].data.data;
+        checksum->length = kiov[0].data.length;
+        checksum->contents = (unsigned char *)kiov[0].data.data;
     } else
-       free(kiov[0].data.data);
+        free(kiov[0].data.data);
 
     xfree(kiov);
 
@@ -187,14 +187,14 @@ kg_make_checksum_iov_v1(krb5_context context,
 
 static krb5_error_code
 checksum_iov_v3(krb5_context context,
-               krb5_cksumtype type,
-               size_t rrc,
-               krb5_keyblock *key,
-               krb5_keyusage sign_usage,
-               gss_iov_buffer_desc *iov,
-               int iov_count,
-               krb5_boolean verify,
-               krb5_boolean *valid)
+                krb5_cksumtype type,
+                size_t rrc,
+                krb5_keyblock *key,
+                krb5_keyusage sign_usage,
+                gss_iov_buffer_desc *iov,
+                int iov_count,
+                krb5_boolean verify,
+                krb5_boolean *valid)
 {
     krb5_error_code code;
     gss_iov_buffer_desc *header;
@@ -205,11 +205,11 @@ checksum_iov_v3(krb5_context context,
     unsigned int k5_checksumlen;
 
     if (verify)
-       *valid = FALSE;
+        *valid = FALSE;
 
     code = krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_CHECKSUM, &k5_checksumlen);
     if (code != 0)
-       return code;
+        return code;
 
     header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
     assert(header != NULL);
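Review bot: `assert(header != NULL)` is the only visible guard on the result of `kg_locate_iov()`, which returns `GSS_C_NO_IOV_BUFFER` when the iov array holds no HEADER buffer or more than one. Under NDEBUG that result reaches `header->buffer.length` in the next hunk, and with assertions enabled a malformed iov list aborts the process. Unless every caller validates the layout first, add a runtime check ahead of the assert, for example `if (header == NULL) return EINVAL;`. `kg_translate_iov_v1` has the same pattern, with `assert(header != NULL)` just before `header->buffer.length < conf_len`. The function body starts and ends outside this hunk.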
@@ -218,26 +218,26 @@ checksum_iov_v3(krb5_context context,
     assert(rrc != 0 || trailer != NULL);
 
     if (trailer == NULL) {
-       if (rrc != k5_checksumlen)
-           return KRB5_BAD_MSIZE;
-       if (header->buffer.length != 16 + k5_checksumlen)
-           return KRB5_BAD_MSIZE;
+        if (rrc != k5_checksumlen)
+            return KRB5_BAD_MSIZE;
+        if (header->buffer.length != 16 + k5_checksumlen)
+            return KRB5_BAD_MSIZE;
     } else if (trailer->buffer.length != k5_checksumlen)
-       return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     kiov_count = 2 + iov_count;
     kiov = (krb5_crypto_iov *)xmalloc(kiov_count * sizeof(krb5_crypto_iov));
     if (kiov == NULL)
-       return ENOMEM;
+        return ENOMEM;
 
     /* Checksum over ( Data | Header ) */
 
     /* Data */
     for (j = 0; j < iov_count; j++) {
-       kiov[i].flags = kg_translate_flag_iov(iov[j].type);
-       kiov[i].data.length = iov[j].buffer.length;
-       kiov[i].data.data = (char *)iov[j].buffer.value;
-       i++;
+        kiov[i].flags = kg_translate_flag_iov(iov[j].type);
+        kiov[i].data.length = iov[j].buffer.length;
+        kiov[i].data.data = (char *)iov[j].buffer.value;
+        i++;
     }
 
     /* Header */
@@ -249,18 +249,18 @@ checksum_iov_v3(krb5_context context,
     /* Checksum */
     kiov[i].flags = KRB5_CRYPTO_TYPE_CHECKSUM;
     if (trailer == NULL) {
-       kiov[i].data.length = header->buffer.length - 16;
-       kiov[i].data.data = (char *)header->buffer.value + 16;
+        kiov[i].data.length = header->buffer.length - 16;
+        kiov[i].data.data = (char *)header->buffer.value + 16;
     } else {
-       kiov[i].data.length = trailer->buffer.length;
-       kiov[i].data.data = (char *)trailer->buffer.value;
+        kiov[i].data.length = trailer->buffer.length;
+        kiov[i].data.data = (char *)trailer->buffer.value;
     }
     i++;
 
     if (verify)
-       code = krb5_c_verify_checksum_iov(context, type, key, sign_usage, kiov, kiov_count, valid);
+        code = krb5_c_verify_checksum_iov(context, type, key, sign_usage, kiov, kiov_count, valid);
     else
-       code = krb5_c_make_checksum_iov(context, type, key, sign_usage, kiov, kiov_count);
+        code = krb5_c_make_checksum_iov(context, type, key, sign_usage, kiov, kiov_count);
 
     xfree(kiov);
 
@@ -269,27 +269,27 @@ checksum_iov_v3(krb5_context context,
 
 krb5_error_code
 kg_make_checksum_iov_v3(krb5_context context,
-                       krb5_cksumtype type,
-                       size_t rrc,
-                       krb5_keyblock *key,
-                       krb5_keyusage sign_usage,
-                       gss_iov_buffer_desc *iov,
-                       int iov_count)
+                        krb5_cksumtype type,
+                        size_t rrc,
+                        krb5_keyblock *key,
+                        krb5_keyusage sign_usage,
+                        gss_iov_buffer_desc *iov,
+                        int iov_count)
 {
     return checksum_iov_v3(context, type, rrc, key,
-                          sign_usage, iov, iov_count, 0, NULL);
+                           sign_usage, iov, iov_count, 0, NULL);
 }
 
 krb5_error_code
 kg_verify_checksum_iov_v3(krb5_context context,
-                         krb5_cksumtype type,
-                         size_t rrc,
-                         krb5_keyblock *key,
-                         krb5_keyusage sign_usage,
-                         gss_iov_buffer_desc *iov,
-                         int iov_count,
-                         krb5_boolean *valid)
+                          krb5_cksumtype type,
+                          size_t rrc,
+                          krb5_keyblock *key,
+                          krb5_keyusage sign_usage,
+                          gss_iov_buffer_desc *iov,
+                          int iov_count,
+                          krb5_boolean *valid)
 {
     return checksum_iov_v3(context, type, rrc, key,
-                          sign_usage, iov, iov_count, 1, valid);
+                           sign_usage, iov, iov_count, 1, valid);
 }
index e2f306e979aed198afc9a25ef661b0f2d4f3bd4f..db38e9eaba85576a06ed2019d829de075922447a 100644 (file)
@@ -58,37 +58,37 @@ const char const kg_arcfour_l40[] = "fortybits";
 
 static krb5_error_code
 kg_copy_keys(krb5_context context,
-            krb5_gss_ctx_id_rec *ctx,
-            krb5_keyblock *subkey)
+             krb5_gss_ctx_id_rec *ctx,
+             krb5_keyblock *subkey)
 {
     krb5_error_code code;
 
     if (ctx->enc != NULL) {
-       krb5_free_keyblock(context, ctx->enc);
-       ctx->enc = NULL;
+        krb5_free_keyblock(context, ctx->enc);
+        ctx->enc = NULL;
     }
 
     code = krb5_copy_keyblock(context, subkey, &ctx->enc);
     if (code != 0)
-       return code;
+        return code;
 
     if (ctx->seq != NULL) {
-       krb5_free_keyblock(context, ctx->seq);
-       ctx->seq = NULL;
+        krb5_free_keyblock(context, ctx->seq);
+        ctx->seq = NULL;
     }
 
     code = krb5_copy_keyblock(context, subkey, &ctx->seq);
     if (code != 0)
-       return code;
+        return code;
 
     return 0;
 }
 
 krb5_error_code
 kg_setup_keys(krb5_context context,
-             krb5_gss_ctx_id_rec *ctx,
-             krb5_keyblock *subkey,
-             krb5_cksumtype *cksumtype)
+              krb5_gss_ctx_id_rec *ctx,
+              krb5_keyblock *subkey,
+              krb5_cksumtype *cksumtype)
 {
     krb5_error_code code;
     unsigned int i;
@@ -101,61 +101,61 @@ kg_setup_keys(krb5_context context,
     ctx->proto = 0;
 
     if (ctx->enc == NULL) {
-       ctx->signalg = -1;
-       ctx->sealalg = -1;
+        ctx->signalg = -1;
+        ctx->sealalg = -1;
     }
-        
+
     code = krb5int_accessor(&kaccess, KRB5INT_ACCESS_VERSION);
     if (code != 0)
-       return code;
+        return code;
 
     code = (*kaccess.krb5int_c_mandatory_cksumtype)(context, subkey->enctype,
-                                                   cksumtype);
+                                                    cksumtype);
     if (code != 0)
-       return code;
+        return code;
 
     switch (subkey->enctype) {
     case ENCTYPE_DES_CBC_MD5:
     case ENCTYPE_DES_CBC_MD4:
     case ENCTYPE_DES_CBC_CRC:
-       code = kg_copy_keys(context, ctx, subkey);
-       if (code != 0)
-           return code;
-
-       ctx->enc->enctype = ENCTYPE_DES_CBC_RAW;
-       ctx->seq->enctype = ENCTYPE_DES_CBC_RAW;
-       ctx->signalg = SGN_ALG_DES_MAC_MD5;
-       ctx->cksum_size = 8;
-       ctx->sealalg = SEAL_ALG_DES;
-
-       for (i = 0; i < ctx->enc->length; i++)
-           /*SUPPRESS 113*/
-           ctx->enc->contents[i] ^= 0xF0;
-       break;
+        code = kg_copy_keys(context, ctx, subkey);
+        if (code != 0)
+            return code;
+
+        ctx->enc->enctype = ENCTYPE_DES_CBC_RAW;
+        ctx->seq->enctype = ENCTYPE_DES_CBC_RAW;
+        ctx->signalg = SGN_ALG_DES_MAC_MD5;
+        ctx->cksum_size = 8;
+        ctx->sealalg = SEAL_ALG_DES;
+
+        for (i = 0; i < ctx->enc->length; i++)
+            /*SUPPRESS 113*/
+            ctx->enc->contents[i] ^= 0xF0;
+        break;
     case ENCTYPE_DES3_CBC_SHA1:
-       code = kg_copy_keys(context, ctx, subkey);
-       if (code != 0)
-           return code;
-
-       ctx->enc->enctype = ENCTYPE_DES3_CBC_RAW;
-       ctx->seq->enctype = ENCTYPE_DES3_CBC_RAW;
-       ctx->signalg = SGN_ALG_HMAC_SHA1_DES3_KD;
-       ctx->cksum_size = 20;
-       ctx->sealalg = SEAL_ALG_DES3KD;
-       break;
+        code = kg_copy_keys(context, ctx, subkey);
+        if (code != 0)
+            return code;
+
+        ctx->enc->enctype = ENCTYPE_DES3_CBC_RAW;
+        ctx->seq->enctype = ENCTYPE_DES3_CBC_RAW;
+        ctx->signalg = SGN_ALG_HMAC_SHA1_DES3_KD;
+        ctx->cksum_size = 20;
+        ctx->sealalg = SEAL_ALG_DES3KD;
+        break;
     case ENCTYPE_ARCFOUR_HMAC:
     case ENCTYPE_ARCFOUR_HMAC_EXP:
-       code = kg_copy_keys(context, ctx, subkey);
-       if (code != 0)
-           return code;
-
-       ctx->signalg = SGN_ALG_HMAC_MD5;
-       ctx->cksum_size = 8;
-       ctx->sealalg = SEAL_ALG_MICROSOFT_RC4;
-       break;
+        code = kg_copy_keys(context, ctx, subkey);
+        if (code != 0)
+            return code;
+
+        ctx->signalg = SGN_ALG_HMAC_MD5;
+        ctx->cksum_size = 8;
+        ctx->sealalg = SEAL_ALG_MICROSOFT_RC4;
+        break;
     default:
-       ctx->proto = 1;
-       break;
+        ctx->proto = 1;
+        break;
     }
 
     return 0;
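Review bot: The single-DES branch modifies key material with `ctx->enc->contents[i] ^= 0xF0;` and the only comment on it is a lint suppression, so the loop is easy to mistake for a bug. I would put a why-comment above it: `/* RFC 1964: the sealing key is the context key with each octet XORed with 0xF0; ctx->seq keeps the unmodified copy. */`. The `default:` branch also needs a one-line comment. It sets `ctx->proto = 1` for every enctype not listed and copies no keys into `ctx->enc`/`ctx->seq`, which presumably selects the CFX path, going by the `proto` parameter comment on `kg_translate_iov`. The function starts in the previous hunk.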
@@ -170,7 +170,7 @@ kg_confounder_size(context, key)
     size_t blocksize;
     /* We special case rc4*/
     if (key->enctype == ENCTYPE_ARCFOUR_HMAC ||
-       key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP)
+        key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP)
         return 8;
     code = krb5_c_block_size(context, key->enctype, &blocksize);
     if (code)
@@ -190,7 +190,7 @@ kg_make_confounder(context, key, buf)
 
     confsize = kg_confounder_size(context, key);
     if (confsize < 0)
-       return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     lrandom.length = confsize;
     lrandom.data = (char *)buf;
@@ -314,8 +314,8 @@ kg_arcfour_docrypt (const krb5_keyblock *longterm_key , int ms_usage,
         goto cleanup_arcfour;
 
     if (exportable) {
-       memcpy(t, kg_arcfour_l40, sizeof(kg_arcfour_l40));
-       i += sizeof(kg_arcfour_l40);
+        memcpy(t, kg_arcfour_l40, sizeof(kg_arcfour_l40));
+        i += sizeof(kg_arcfour_l40);
     }
     t[i++] = ms_usage &0xff;
     t[i++] = (ms_usage>>8) & 0xff;
@@ -330,7 +330,7 @@ kg_arcfour_docrypt (const krb5_keyblock *longterm_key , int ms_usage,
     if (code)
         goto cleanup_arcfour;
     if (exportable)
-       memset(usage_key.contents + 7, 0xab, 9);
+        memset(usage_key.contents + 7, 0xab, 9);
 
     input.data = ( void *) kd_data;
     input.length = kd_data_len;
@@ -380,7 +380,7 @@ kg_translate_iov_v1(context, key, iov, iov_count, pkiov, pkiov_count)
     assert(header != NULL);
 
     if (header->buffer.length < conf_len)
-       return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
     assert(trailer == NULL || trailer->buffer.length == 0);
@@ -388,7 +388,7 @@ kg_translate_iov_v1(context, key, iov, iov_count, pkiov, pkiov_count)
     kiov_count = 3 + iov_count;
     kiov = (krb5_crypto_iov *)malloc(kiov_count * sizeof(krb5_crypto_iov));
     if (kiov == NULL)
-       return ENOMEM;
+        return ENOMEM;
 
     /* For pre-CFX (raw enctypes) there is no krb5 header */
     kiov[i].flags = KRB5_CRYPTO_TYPE_HEADER;
@@ -403,13 +403,13 @@ kg_translate_iov_v1(context, key, iov, iov_count, pkiov, pkiov_count)
     i++;
 
     for (j = 0; j < iov_count; j++) {
-       kiov[i].flags = kg_translate_flag_iov(iov[j].type);
-       if (kiov[i].flags == KRB5_CRYPTO_TYPE_EMPTY)
-           continue;
+        kiov[i].flags = kg_translate_flag_iov(iov[j].type);
+        if (kiov[i].flags == KRB5_CRYPTO_TYPE_EMPTY)
+            continue;
 
-       kiov[i].data.length = iov[j].buffer.length;
-       kiov[i].data.data = (char *)iov[j].buffer.value;
-       i++;
+        kiov[i].data.length = iov[j].buffer.length;
+        kiov[i].data.data = (char *)iov[j].buffer.value;
+        i++;
     }
 
     kiov[i].flags = KRB5_CRYPTO_TYPE_TRAILER;
@@ -426,9 +426,9 @@ kg_translate_iov_v1(context, key, iov, iov_count, pkiov, pkiov_count)
 static krb5_error_code
 kg_translate_iov_v3(context, dce_style, ec, rrc, key, iov, iov_count, pkiov, pkiov_count)
     krb5_context context;
-    int dce_style;             /* DCE_STYLE indicates actual RRC is EC + RRC */
-    size_t ec;                 /* Extra rotate count for DCE_STYLE, pad length otherwise */
-    size_t rrc;                        /* Rotate count */
+    int dce_style;              /* DCE_STYLE indicates actual RRC is EC + RRC */
+    size_t ec;                  /* Extra rotate count for DCE_STYLE, pad length otherwise */
+    size_t rrc;                 /* Rotate count */
     const krb5_keyblock *key;
     gss_iov_buffer_desc *iov;
     int iov_count;
@@ -455,11 +455,11 @@ kg_translate_iov_v3(context, dce_style, ec, rrc, key, iov, iov_count, pkiov, pki
 
     code = krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_HEADER, &k5_headerlen);
     if (code != 0)
-       return code;
+        return code;
 
     code = krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_TRAILER, &k5_trailerlen);
     if (code != 0)
-       return code;
+        return code;
 
     /* Check header and trailer sizes */
     gss_headerlen = 16 /* GSS-Header */ + k5_headerlen; /* Kerb-Header */
@@ -467,28 +467,28 @@ kg_translate_iov_v3(context, dce_style, ec, rrc, key, iov, iov_count, pkiov, pki
 
     /* If we're caller without a trailer, we must rotate by trailer length */
     if (trailer == NULL) {
-       size_t actual_rrc = rrc;
+        size_t actual_rrc = rrc;
 
-       if (dce_style)
-           actual_rrc += ec; /* compensate for Windows bug */
+        if (dce_style)
+            actual_rrc += ec; /* compensate for Windows bug */
 
-       if (actual_rrc != gss_trailerlen)
-           return KRB5_BAD_MSIZE;
+        if (actual_rrc != gss_trailerlen)
+            return KRB5_BAD_MSIZE;
 
-       gss_headerlen += gss_trailerlen;
-       gss_trailerlen = 0;
+        gss_headerlen += gss_trailerlen;
+        gss_trailerlen = 0;
     } else {
-       if (trailer->buffer.length != gss_trailerlen)
-           return KRB5_BAD_MSIZE;
+        if (trailer->buffer.length != gss_trailerlen)
+            return KRB5_BAD_MSIZE;
     }
 
     if (header->buffer.length != gss_headerlen)
-       return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     kiov_count = 3 + iov_count;
     kiov = (krb5_crypto_iov *)malloc(kiov_count * sizeof(krb5_crypto_iov));
     if (kiov == NULL)
-       return ENOMEM;
+        return ENOMEM;
 
     /*
      * The krb5 header is located at the end of the GSS header.
@@ -499,13 +499,13 @@ kg_translate_iov_v3(context, dce_style, ec, rrc, key, iov, iov_count, pkiov, pki
     i++;
 
     for (j = 0; j < iov_count; j++) {
-       kiov[i].flags = kg_translate_flag_iov(iov[j].type);
-       if (kiov[i].flags == KRB5_CRYPTO_TYPE_EMPTY)
-           continue;
+        kiov[i].flags = kg_translate_flag_iov(iov[j].type);
+        if (kiov[i].flags == KRB5_CRYPTO_TYPE_EMPTY)
+            continue;
 
-       kiov[i].data.length = iov[j].buffer.length;
-       kiov[i].data.data = (char *)iov[j].buffer.value;
-       i++;
+        kiov[i].data.length = iov[j].buffer.length;
+        kiov[i].data.data = (char *)iov[j].buffer.value;
+        i++;
     }
 
     /*
@@ -516,9 +516,9 @@ kg_translate_iov_v3(context, dce_style, ec, rrc, key, iov, iov_count, pkiov, pki
     kiov[i].flags = KRB5_CRYPTO_TYPE_DATA;
     kiov[i].data.length = ec + 16; /* E(Header) */
     if (trailer == NULL)
-       kiov[i].data.data = (char *)header->buffer.value + 16;
+        kiov[i].data.data = (char *)header->buffer.value + 16;
     else
-       kiov[i].data.data = (char *)trailer->buffer.value;
+        kiov[i].data.data = (char *)trailer->buffer.value;
     i++;
 
     /*
@@ -539,7 +539,7 @@ kg_translate_iov_v3(context, dce_style, ec, rrc, key, iov, iov_count, pkiov, pki
 static krb5_error_code
 kg_translate_iov(context, proto, dce_style, ec, rrc, key, iov, iov_count, pkiov, pkiov_count)
     krb5_context context;
-    int proto;                 /* 1 if CFX, 0 for pre-CFX */
+    int proto;                  /* 1 if CFX, 0 for pre-CFX */
     int dce_style;
     size_t ec;
     size_t rrc;
@@ -550,8 +550,8 @@ kg_translate_iov(context, proto, dce_style, ec, rrc, key, iov, iov_count, pkiov,
     size_t *pkiov_count;
 {
     return proto ?
-       kg_translate_iov_v3(context, dce_style, ec, rrc, key, iov, iov_count, pkiov, pkiov_count) :
-       kg_translate_iov_v1(context, key, iov, iov_count, pkiov, pkiov_count);
+        kg_translate_iov_v3(context, dce_style, ec, rrc, key, iov, iov_count, pkiov, pkiov_count) :
+        kg_translate_iov_v1(context, key, iov, iov_count, pkiov, pkiov_count);
 }
 
 krb5_error_code
@@ -589,10 +589,10 @@ kg_encrypt_iov(context, proto, dce_style, ec, rrc, key, usage, iv, iov, iov_coun
     }
 
     code = kg_translate_iov(context, proto, dce_style, ec, rrc, key,
-                           iov, iov_count, &kiov, &kiov_count);
+                            iov, iov_count, &kiov, &kiov_count);
     if (code == 0) {
-       code = krb5_c_encrypt_iov(context, key, usage, pivd, kiov, kiov_count);
-       free(kiov);
+        code = krb5_c_encrypt_iov(context, key, usage, pivd, kiov, kiov_count);
+        free(kiov);
     }
 
     if (pivd != NULL)
@@ -638,10 +638,10 @@ kg_decrypt_iov(context, proto, dce_style, ec, rrc, key, usage, iv, iov, iov_coun
     }
 
     code = kg_translate_iov(context, proto, dce_style, ec, rrc, key,
-                           iov, iov_count, &kiov, &kiov_count);
+                            iov, iov_count, &kiov, &kiov_count);
     if (code == 0) {
-       code = krb5_c_decrypt_iov(context, key, usage, pivd, kiov, kiov_count);
-       free(kiov);
+        code = krb5_c_decrypt_iov(context, key, usage, pivd, kiov, kiov_count);
+        free(kiov);
     }
 
     if (pivd != NULL)
@@ -652,7 +652,7 @@ kg_decrypt_iov(context, proto, dce_style, ec, rrc, key, usage, iv, iov, iov_coun
 
 krb5_error_code
 kg_arcfour_docrypt_iov (krb5_context context,
-                       const krb5_keyblock *longterm_key , int ms_usage,
+                        const krb5_keyblock *longterm_key , int ms_usage,
                         const unsigned char *kd_data, size_t kd_data_len,
                         gss_iov_buffer_desc *iov, int iov_count)
 {
@@ -681,8 +681,8 @@ kg_arcfour_docrypt_iov (krb5_context context,
         goto cleanup_arcfour;
 
     if (exportable) {
-       memcpy(t, kg_arcfour_l40, sizeof(kg_arcfour_l40));
-       i += sizeof(kg_arcfour_l40);
+        memcpy(t, kg_arcfour_l40, sizeof(kg_arcfour_l40));
+        i += sizeof(kg_arcfour_l40);
     }
     t[i++] = ms_usage &0xff;
     t[i++] = (ms_usage>>8) & 0xff;
@@ -697,7 +697,7 @@ kg_arcfour_docrypt_iov (krb5_context context,
     if (code)
         goto cleanup_arcfour;
     if (exportable)
-       memset(usage_key.contents + 7, 0xab, 9);
+        memset(usage_key.contents + 7, 0xab, 9);
 
     input.data = ( void *) kd_data;
     input.length = kd_data_len;
@@ -708,10 +708,10 @@ kg_arcfour_docrypt_iov (krb5_context context,
         goto cleanup_arcfour;
 
     code = kg_translate_iov(context, 0 /* proto */, 0 /* dce_style */,
-                           0 /* ec */, 0 /* rrc */, longterm_key,
-                           iov, iov_count, &kiov, &kiov_count);
+                            0 /* ec */, 0 /* rrc */, longterm_key,
+                            iov, iov_count, &kiov, &kiov_count);
     if (code)
-       goto cleanup_arcfour;
+        goto cleanup_arcfour;
 
     code =  ((*kaccess.arcfour_enc_provider->encrypt_iov)(
                  &seq_enc_key, 0,
@@ -722,7 +722,7 @@ cleanup_arcfour:
     free ((void *) usage_key.contents);
     free ((void *) seq_enc_key.contents);
     if (kiov != NULL)
-       free(kiov);
+        free(kiov);
     return (code);
 }
 
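Review bot: `cleanup_arcfour` releases `usage_key.contents` and `seq_enc_key.contents` with plain `free()`, so the derived RC4 keys are left intact in freed heap memory. Clear each buffer before freeing it, and guard for NULL because the label is also reached by `goto` on early failures: `if (usage_key.contents != NULL) memset(usage_key.contents, 0, usage_key.length);`, and the same for `seq_enc_key`. The tree's `zap()` helper is preferable to a bare `memset` if it is in scope in this file, since a `memset` right before `free` can be optimised away. The `length` fields are set outside the hunk, so confirm they are valid on every path into the label.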
@@ -734,14 +734,14 @@ kg_translate_flag_iov(OM_uint32 type)
     switch (GSS_IOV_BUFFER_TYPE(type)) {
     case GSS_IOV_BUFFER_TYPE_DATA:
     case GSS_IOV_BUFFER_TYPE_PADDING:
-       ktype = KRB5_CRYPTO_TYPE_DATA;
-       break;
+        ktype = KRB5_CRYPTO_TYPE_DATA;
+        break;
     case GSS_IOV_BUFFER_TYPE_SIGN_ONLY:
-       ktype = KRB5_CRYPTO_TYPE_SIGN_ONLY;
-       break;
+        ktype = KRB5_CRYPTO_TYPE_SIGN_ONLY;
+        break;
     default:
-       ktype = KRB5_CRYPTO_TYPE_EMPTY;
-       break;
+        ktype = KRB5_CRYPTO_TYPE_EMPTY;
+        break;
     }
 
     return ktype;
@@ -749,22 +749,22 @@ kg_translate_flag_iov(OM_uint32 type)
 
 gss_iov_buffer_t
 kg_locate_iov(gss_iov_buffer_desc *iov,
-             int iov_count,
-             OM_uint32 type)
+              int iov_count,
+              OM_uint32 type)
 {
     int i;
     gss_iov_buffer_t p = GSS_C_NO_IOV_BUFFER;
 
     if (iov == GSS_C_NO_IOV_BUFFER)
-       return GSS_C_NO_IOV_BUFFER;
+        return GSS_C_NO_IOV_BUFFER;
 
     for (i = iov_count - 1; i >= 0; i--) {
-       if (GSS_IOV_BUFFER_TYPE(iov[i].type) == type) {
-           if (p == GSS_C_NO_IOV_BUFFER)
-               p = &iov[i];
-           else
-               return GSS_C_NO_IOV_BUFFER;
-       }
+        if (GSS_IOV_BUFFER_TYPE(iov[i].type) == type) {
+            if (p == GSS_C_NO_IOV_BUFFER)
+                p = &iov[i];
+            else
+                return GSS_C_NO_IOV_BUFFER;
+        }
     }
 
     return p;
@@ -772,9 +772,9 @@ kg_locate_iov(gss_iov_buffer_desc *iov,
 
 void
 kg_iov_msglen(gss_iov_buffer_desc *iov,
-             int iov_count,
-             size_t *data_length_p,
-             size_t *assoc_data_length_p)
+              int iov_count,
+              size_t *data_length_p,
+              size_t *assoc_data_length_p)
 {
     int i;
     size_t data_length = 0, assoc_data_length = 0;
@@ -784,14 +784,14 @@ kg_iov_msglen(gss_iov_buffer_desc *iov,
     *data_length_p = *assoc_data_length_p = 0;
 
     for (i = 0; i < iov_count; i++) {
-       OM_uint32 type = GSS_IOV_BUFFER_TYPE(iov[i].type);
+        OM_uint32 type = GSS_IOV_BUFFER_TYPE(iov[i].type);
 
-       if (type == GSS_IOV_BUFFER_TYPE_SIGN_ONLY)
-           assoc_data_length += iov[i].buffer.length;
+        if (type == GSS_IOV_BUFFER_TYPE_SIGN_ONLY)
+            assoc_data_length += iov[i].buffer.length;
 
-       if (type == GSS_IOV_BUFFER_TYPE_DATA ||
-           type == GSS_IOV_BUFFER_TYPE_SIGN_ONLY)
-           data_length += iov[i].buffer.length;
+        if (type == GSS_IOV_BUFFER_TYPE_DATA ||
+            type == GSS_IOV_BUFFER_TYPE_SIGN_ONLY)
+            data_length += iov[i].buffer.length;
     }
 
     *data_length_p = data_length;
@@ -807,17 +807,17 @@ kg_release_iov(gss_iov_buffer_desc *iov, int iov_count)
     assert(iov != GSS_C_NO_IOV_BUFFER);
 
     for (i = 0; i < iov_count; i++) {
-       if (iov[i].type & GSS_IOV_BUFFER_FLAG_ALLOCATED) {
-           gss_release_buffer(&min_stat, &iov[i].buffer);
-           iov[i].type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED);
-       }
+        if (iov[i].type & GSS_IOV_BUFFER_FLAG_ALLOCATED) {
+            gss_release_buffer(&min_stat, &iov[i].buffer);
+            iov[i].type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED);
+        }
     }
 }
 
 OM_uint32
 kg_fixup_padding_iov(OM_uint32 *minor_status,
-                    gss_iov_buffer_desc *iov,
-                    int iov_count)
+                     gss_iov_buffer_desc *iov,
+                     int iov_count)
 {
     gss_iov_buffer_t padding = NULL;
     gss_iov_buffer_t data = NULL;
@@ -829,13 +829,13 @@ kg_fixup_padding_iov(OM_uint32 *minor_status,
     padding = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
 
     if (data == NULL) {
-       *minor_status = 0;
-       return GSS_S_COMPLETE;
+        *minor_status = 0;
+        return GSS_S_COMPLETE;
     }
 
     if (padding == NULL || padding->buffer.length == 0) {
-       *minor_status = EINVAL;
-       return GSS_S_FAILURE;
+        *minor_status = EINVAL;
+        return GSS_S_FAILURE;
     }
 
     p = (unsigned char *)padding->buffer.value;
@@ -843,8 +843,8 @@ kg_fixup_padding_iov(OM_uint32 *minor_status,
 
     if (data->buffer.length + padding->buffer.length < padlength ||
         padlength == 0) {
-       *minor_status = (OM_uint32)KRB5_BAD_MSIZE;
-       return GSS_S_DEFECTIVE_TOKEN;
+        *minor_status = (OM_uint32)KRB5_BAD_MSIZE;
+        return GSS_S_DEFECTIVE_TOKEN;
     }
 
     /*
@@ -860,15 +860,15 @@ kg_fixup_padding_iov(OM_uint32 *minor_status,
      *
      * eg. if the buffers are structured as follows:
      *
-     *     +---DATA---+-PAD-+
-     *     | ABCDE444 | 4   |
-     *     +----------+-----+
+     *      +---DATA---+-PAD-+
+     *      | ABCDE444 | 4   |
+     *      +----------+-----+
      *
      * after compensation they would look like:
      *
-     *     +-DATA--+-PAD--+
-     *     | ABCDE | NULL |
-     *     +-------+------+
+     *      +-DATA--+-PAD--+
+     *      | ABCDE | NULL |
+     *      +-------+------+
      */
     relative_padlength = padlength - padding->buffer.length;
 
@@ -877,8 +877,8 @@ kg_fixup_padding_iov(OM_uint32 *minor_status,
     data->buffer.length -= relative_padlength;
 
     if (padding->type & GSS_IOV_BUFFER_FLAG_ALLOCATED) {
-       gss_release_buffer(&minor, &padding->buffer);
-       padding->type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED);
+        gss_release_buffer(&minor, &padding->buffer);
+        padding->type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED);
     }
 
     padding->buffer.length = 0;
@@ -896,7 +896,7 @@ int kg_map_toktype(int proto, int toktype)
         case KG_TOK_SIGN_MSG:
             toktype2 = KG2_TOK_MIC_MSG;
             break;
-       case KG_TOK_WRAP_MSG:
+        case KG_TOK_WRAP_MSG:
             toktype2 = KG2_TOK_WRAP_MSG;
             break;
         case KG_TOK_DEL_CTX:
@@ -920,10 +920,10 @@ krb5_boolean kg_integ_only_iov(gss_iov_buffer_desc *iov, int iov_count)
     assert(iov != GSS_C_NO_IOV_BUFFER);
 
     for (i = 0; i < iov_count; i++) {
-       if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_DATA) {
-           has_conf_data = TRUE;
-           break;
-       }
+        if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_DATA) {
+            has_conf_data = TRUE;
+            break;
+        }
     }
 
     return (has_conf_data == FALSE);
@@ -937,8 +937,8 @@ krb5_error_code kg_allocate_iov(gss_iov_buffer_t iov, size_t size)
     iov->buffer.length = size;
     iov->buffer.value = xmalloc(size);
     if (iov->buffer.value == NULL) {
-       iov->buffer.length = 0;
-       return ENOMEM;
+        iov->buffer.length = 0;
+        return ENOMEM;
     }
 
     iov->type |= GSS_IOV_BUFFER_FLAG_ALLOCATED;
index 17d49a587241a4db6948c45d81d1f935f8899824..b559f5e088b8658b17173e2260d4ae19641207b4 100644 (file)
@@ -40,12 +40,12 @@ kg_make_seed(context, key, seed)
 
     code = krb5_copy_keyblock(context, key, &tmpkey);
     if (code)
-       return(code);
+        return(code);
 
     /* reverse the key bytes, as per spec */
 
     for (i=0; i<tmpkey->length; i++)
-       tmpkey->contents[i] = key->contents[key->length - 1 - i];
+        tmpkey->contents[i] = key->contents[key->length - 1 - i];
 
     code = kg_encrypt(context, tmpkey, KG_USAGE_SEAL, NULL, zeros, seed, 16);
 
index d5d7ffa57d8f0346abeb3087d82b2d1b5f4e96ee..372cb62a9116dfa406831665d6d105e8e8133607 100644 (file)
@@ -45,7 +45,7 @@ kg_make_seq_num(context, key, direction, seqnum, cksum, buf)
     plain[6] = direction;
     plain[7] = direction;
     if (key->enctype == ENCTYPE_ARCFOUR_HMAC ||
-       key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
+        key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
         /* Yes, Microsoft used big-endian sequence number.*/
         plain[0] = (seqnum>>24) & 0xff;
         plain[1] = (seqnum>>16) & 0xff;
@@ -78,7 +78,7 @@ krb5_error_code kg_get_seq_num(context, key, cksum, buf, direction, seqnum)
     unsigned char plain[8];
 
     if (key->enctype == ENCTYPE_ARCFOUR_HMAC ||
-       key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
+        key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
         code = kg_arcfour_docrypt (key, 0,
                                    cksum, 8,
                                    buf, 8,
@@ -96,7 +96,7 @@ krb5_error_code kg_get_seq_num(context, key, cksum, buf, direction, seqnum)
 
     *direction = plain[4];
     if (key->enctype == ENCTYPE_ARCFOUR_HMAC ||
-       key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
+        key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
         *seqnum = (plain[3]|(plain[2]<<8) | (plain[1]<<16)| (plain[0]<<24));
     } else {
         *seqnum = ((plain[0]) |
index 31e8ff29616868e360033d4c72e3f0107a788c9f..033a489b725bd8a9bd8bc9b84e80763ebc0af3e7 100644 (file)
@@ -49,16 +49,16 @@ krb5_gss_verify_mic(minor_status, context_handle,
 #if 0
 OM_uint32
 krb5_gss_verify_mic_iov(OM_uint32 *minor_status,
-                       gss_ctx_id_t context_handle,
-                       gss_qop_t *qop_state,
-                       gss_iov_buffer_desc *iov,
-                       int iov_count)
+                        gss_ctx_id_t context_handle,
+                        gss_qop_t *qop_state,
+                        gss_iov_buffer_desc *iov,
+                        int iov_count)
 {
     OM_uint32 major_status;
 
     major_status = kg_unseal_iov(minor_status, context_handle,
-                                NULL, qop_state,
-                                iov, iov_count, KG_TOK_WRAP_MSG);
+                                 NULL, qop_state,
+                                 iov, iov_count, KG_TOK_WRAP_MSG);
 
     return major_status;
 }
index 59e876187374dca6720f32a80dd6d83bbcc8793b..7fa9c44d6684eef3f3e1ee94d30935a18dd0107b 100644 (file)
@@ -114,10 +114,10 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
 
         /* Token header: 16 octets.  */
         if (conf_req_flag) {
-           krb5_enctype enctype;
+            krb5_enctype enctype;
 
-           enctype = ctx->have_acceptor_subkey ? ctx->acceptor_subkey->enctype
-                                               : ctx->subkey->enctype;
+            enctype = ctx->have_acceptor_subkey ? ctx->acceptor_subkey->enctype
+                                                : ctx->subkey->enctype;
 
             while (sz > 0 && krb5_encrypt_size(sz, enctype) + 16 > req_output_size)
                 sz--;
@@ -135,18 +135,18 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
                 sz = 0;
 #endif
         } else {
-           krb5_cksumtype cksumtype;
-           krb5_error_code err;
-           size_t cksumsize;
-
-           cksumtype = ctx->have_acceptor_subkey ? ctx->acceptor_subkey_cksumtype
-                                                 : ctx->cksumtype;
-
-           err = krb5_c_checksum_length(ctx->k5_context, cksumtype, &cksumsize);
-           if (err) {
-               *minor_status = err;
-               return GSS_S_FAILURE;
-           }
+            krb5_cksumtype cksumtype;
+            krb5_error_code err;
+            size_t cksumsize;
+
+            cksumtype = ctx->have_acceptor_subkey ? ctx->acceptor_subkey_cksumtype
+                                                  : ctx->cksumtype;
+
+            err = krb5_c_checksum_length(ctx->k5_context, cksumtype, &cksumsize);
+            if (err) {
+                *minor_status = err;
+                return GSS_S_FAILURE;
+            }
 
             /* Allow for token header and checksum.  */
             if (sz < 16 + cksumsize)
index a6f0bbc8dda3eb5bf6f242d39f8b80e3450a7b6c..1149384a281ef342040cab358b3d418c63498bfe 100644 (file)
@@ -1111,9 +1111,7 @@ const char *fileName;
                        for (endp = modOptions;
                                *endp && *endp != ']'; endp++);
 
-                       if (endp)
-                               *endp = '\0';
-
+                       *endp = '\0';
                } else {
                        modOptions = NULL;
                }
index 9774d76ea9bc233beb00e44fcd7b0e71c1ca51dc..cd3fb417707d44afb9f9341f2b964acd2c69d6be 100644 (file)
@@ -192,7 +192,8 @@ static kadm5_ret_t kadm5_get_either(int princ,
      char *regexp;
      int i, ret;
      kadm5_server_handle_t handle = server_handle;
-     
+
+     *princs = NULL;
      *count = 0;
      if (exp == NULL)
          exp = "*";
index 6528133db4fa89b505764d6cd123c725396a5f34..4a9d26f3f64bdce78b014544ff3b2f77dc96c6f5 100644 (file)
@@ -25,6 +25,12 @@ static char *rcsid = "$Header$";
 
 #endif
 
+#ifdef USE_VALGRIND
+#include <valgrind/memcheck.h>
+#else
+#define VALGRIND_CHECK_DEFINED(LVALUE) ((void)0)
+#endif
+
 extern krb5_principal      master_princ;
 extern krb5_principal      hist_princ;
 extern  krb5_keylist_node  *master_keylist;
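Review bot: The no-op fallback for `VALGRIND_CHECK_DEFINED` is defined locally in this file, and the same `#ifdef USE_VALGRIND` / `#else` pattern is repeated in two later hunks of this commit (the `VALGRIND_CHECK_READABLE` fallback, and the pair added in the xdr hunk). Moving the include and both fallbacks into one shared internal header would keep the definitions from drifting apart. A short comment above the `#else` branch, such as `/* No-op when not building with Valgrind client requests. */`, would also document why the macro expands to `((void)0)`.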
@@ -49,6 +55,7 @@ kadm5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_pr
     if (tempprinc == 0)
         return ENOMEM;
 
+    VALGRIND_CHECK_DEFINED(*inprinc);
     memcpy(tempprinc, inprinc, sizeof(krb5_principal_data));
 
     nelems = (int) krb5_princ_size(context, inprinc);
@@ -72,6 +79,7 @@ kadm5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_pr
         if (len)
             memcpy(krb5_princ_component(context, tempprinc, i)->data,
                    krb5_princ_component(context, inprinc, i)->data, len);
+       krb5_princ_component(context, tempprinc, i)->magic = KV5M_DATA;
     }
 
     tempprinc->realm.data =
index b9b95b3a170af317ce664d208b77aded9b555d94..b91e7cbac5947dde0070d754a1730daba510b4d7 100644 (file)
@@ -1770,125 +1770,6 @@ krb5_db_verify_master_key(krb5_context     kcontext,
     return status;
 }
 
-#if 0 /************** Begin IFDEF'ed OUT *******************************/
-/* XXX WAF: don't think this is needed now that I've modified
- * krb5_def_fetch_mkey_list.  Keeping it around just in case. */
-/*
- * get most current master key which may be stored with the master key princ.
- */ 
-
-krb5_error_code
-krb5_db_fetch_latest_mkey(krb5_context    context,
-                   krb5_principal  mname,
-                   krb5_enctype    etype,
-                   krb5_boolean    fromkeyboard,
-                   krb5_boolean    twice,
-                   char          * db_args,
-                   krb5_kvno     * kvno,
-                   krb5_data     * salt,
-                   krb5_keyblock * key)
-{
-    krb5_keyblock tmp_mkey, tmp_clearkey;
-    krb5_kvno     tmp_kvno;
-    krb5_db_entry master_entry;
-    int nprinc;
-    krb5_boolean more, found_key = FALSE;
-    krb5_mkey_aux_node *mkey_aux_data_list, *aux_data_entry;
-    krb5_error_code retval = 0;
-
-    memset(&tmp_mkey, 0, sizeof(tmp_mkey));
-    memset(&tmp_clearkey, 0, sizeof(tmp_clearkey));
-
-    /* fetch the local mkey either from stash or via keyboard interactive */
-    if ((retval = krb5_db_fetch_mkey(context, mname, etype, fromkeyboard,
-                                  twice, db_args, &tmp_kvno, NULL, &tmp_mkey))) {
-       return (retval);
-    }
-
-    nprinc = 1;
-    retval = krb5_db_get_principal(context, mname, &master_entry, &nprinc, &more);
-    if (retval != 0)
-       goto clean_n_exit;
-
-    if ((retval = krb5_dbekd_decrypt_key_data(context, &tmp_mkey,
-                                             &master_entry.key_data[0],
-                                             &tmp_clearkey, NULL)) != 0) {
-       /*
-        * Note the tmp_kvno may provide a hint as to which mkey_aux tuple to
-        * decrypt.
-        */
-       if ((retval = krb5_dbe_lookup_mkey_aux(context, &master_entry, &mkey_aux_data_list)))
-           goto clean_n_exit;
-
-       /* for performance sake, try decrypting with matching kvno */
-       for (aux_data_entry = mkey_aux_data_list; aux_data_entry != NULL;
-            aux_data_entry = aux_data_entry->next) {
-
-           if (aux_data_entry->mkey_kvno == tmp_kvno) {
-               if (krb5_dbekd_decrypt_key_data(context, &tmp_mkey, &aux_data_entry->latest_mkey,
-                                  &tmp_clearkey, NULL) == 0) {
-                   found_key = TRUE;
-                   break;
-               }
-           }
-       }
-       if (found_key != TRUE) {
-           /* given the importance of acquiring the latest mkey, try brute force */
-           for (aux_data_entry = mkey_aux_data_list; aux_data_entry != NULL;
-                aux_data_entry = aux_data_entry->next) {
-
-               if (krb5_dbekd_decrypt_key_data(context, &tmp_mkey, &aux_data_entry->latest_mkey,
-                                               &tmp_clearkey, NULL) == 0) {
-                   found_key = TRUE;
-                   /* XXX WAF: should I issue warning about kvno not matching?
-                    */
-                   break;
-               }
-           }
-           if (found_key != TRUE) {
-               krb5_set_error_message (context, KRB5_KDB_BADMASTERKEY,
-                       "Unable to decrypt latest master key with the provided master key\n");
-               retval = KRB5_KDB_BADMASTERKEY;
-               goto clean_n_exit;
-           }
-       }
-
-       if ((retval = krb5_db_verify_master_key(context,
-                                               mname,
-                                               tmp_kvno,
-                                               &tmp_clearkey))) {
-           krb5_set_error_message (context, KRB5_KDB_BADMASTERKEY,
-               "Failed to verify Latest master key decrypted with the provided master key\n");
-           retval = KRB5_KDB_BADMASTERKEY;
-           goto clean_n_exit;
-       }
-    }
-
-    key->contents = malloc(tmp_clearkey.length);
-    if (key->contents == NULL) {
-       retval = ENOMEM;
-       goto clean_n_exit;
-    }
-
-    key->magic = tmp_clearkey.magic;
-    key->enctype = tmp_clearkey.enctype;
-    key->length = tmp_clearkey.length;
-    memcpy(key->contents, tmp_clearkey.contents, tmp_clearkey.length);
-
-clean_n_exit:
-    if (tmp_mkey.contents) {
-       memset(tmp_mkey.contents, 0, tmp_mkey.length);
-       krb5_db_free(context, tmp_mkey.contents);
-    }
-    if (tmp_clearkey.contents) {
-       memset(tmp_clearkey.contents, 0, tmp_clearkey.length);
-       krb5_db_free(context, tmp_clearkey.contents);
-    }
-    krb5_db_free_principal(context, &master_entry, nprinc);
-    return (retval);
-}
-#endif /**************** END IFDEF'ed OUT *******************************/
-
 krb5_error_code
 krb5_dbe_fetch_act_key_list(krb5_context         context,
                             krb5_principal       princ,
@@ -2289,6 +2170,9 @@ krb5_dbe_lookup_mod_princ_data(context, entry, mod_time, mod_princ)
     krb5_tl_data tl_data;
     krb5_error_code code;
 
+    *mod_princ = NULL;
+    *mod_time = 0;
+
     tl_data.tl_data_type = KRB5_TL_MOD_PRINC;
 
     if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
index 8427e95b4eaaed2404d520015dbe834c43d83d5e..94d62eace94dbfa636a0c7294ead964d881b0777 100644 (file)
@@ -269,9 +269,8 @@ asn1_error_code asn1_decode_boolean(asn1buf *buf, unsigned *val)
 
     retval = asn1buf_remove_octet(buf, &bval);
     if (retval) return retval;
+
     *val = (bval != 0x00);
+
     cleanup();
 }
-
index 3e8bac4c6d6db81517a5817ddc6ead359b82f4d0..b90a369d678bf137c3a63c3b5862fa94aea784a6 100644 (file)
@@ -61,7 +61,7 @@
 
 
 asn1_error_code asn1_decode_boolean
-       (asn1buf *buf, unsigned int *val);
+        (asn1buf *buf, unsigned int *val);
 asn1_error_code asn1_decode_integer
         (asn1buf *buf, long *val);
 asn1_error_code asn1_decode_unsigned_integer
index c4cc674e02e52cc0cdc6bb4edbbe59916dd17424..d7954649397fe09cd7002befa653be8b0149d6b7 100644 (file)
@@ -31,7 +31,7 @@
 #include "asn1_make.h"
 
 asn1_error_code asn1_encode_boolean(asn1buf *buf, asn1_intmax val,
-                                   unsigned int *retlen)
+                                    unsigned int *retlen)
 {
     asn1_error_code retval;
     unsigned int length = 0;
@@ -321,10 +321,10 @@ asn1_error_code asn1_encode_opaque(asn1buf *buf, unsigned int len,
    correct byte order, in an allocated krb5_data.  */
 
 #ifdef POINTERS_ARE_ALL_THE_SAME
-#define LOADPTR(PTR,TYPE)      \
+#define LOADPTR(PTR,TYPE)       \
     (assert((TYPE)->loadptr != NULL), (TYPE)->loadptr(PTR))
 #else
-#define LOADPTR(PTR,TYPE)      \
+#define LOADPTR(PTR,TYPE)       \
     (*(const void *const *)(PTR))
 #endif
 
index 94ab67fe4e9ea662fbebc2eeb616ca457674af5e..289b98db10b192a3c6ba6ac31e635deb8568aa07 100644 (file)
@@ -52,7 +52,7 @@
 */
 
 asn1_error_code asn1_encode_boolean
-       (asn1buf *buf, asn1_intmax val, unsigned int *retlen);
+        (asn1buf *buf, asn1_intmax val, unsigned int *retlen);
 asn1_error_code asn1_encode_integer
         (asn1buf *buf, asn1_intmax val, unsigned int *retlen);
 /* requires  *buf is allocated
index b4dbd2fe84c83d0e4b88d377c49e6accdd22552f..035aff17eaec7c4f4eb96c0c3b1b5e5be0d0fe5a 100644 (file)
@@ -1193,13 +1193,13 @@ asn1_error_code asn1_decode_setpw_req(asn1buf *buf, krb5_data *newpasswd, krb5_p
     *principal = NULL;
 
     { begin_structure();
-       get_lenfield(newpasswd->length, newpasswd->data, 0, asn1_decode_charstring);
-       if (tagnum == 1) {
-           alloc_field(*principal, krb5_principal_data);
-           opt_field(*principal, 1, asn1_decode_principal_name, 0);
-           opt_field(*principal, 2, asn1_decode_realm, 0);
-       }
-       end_structure();
+        get_lenfield(newpasswd->length, newpasswd->data, 0, asn1_decode_charstring);
+        if (tagnum == 1) {
+            alloc_field(*principal, krb5_principal_data);
+            opt_field(*principal, 1, asn1_decode_principal_name, 0);
+            opt_field(*principal, 2, asn1_decode_realm, 0);
+        }
+        end_structure();
     }
     cleanup();
 }
@@ -1208,11 +1208,11 @@ asn1_error_code asn1_decode_pa_for_user(asn1buf *buf, krb5_pa_for_user *val)
 {
     setup();
     { begin_structure();
-       get_field(val->user,0,asn1_decode_principal_name);
-       get_field(val->user,1,asn1_decode_realm);
-       get_field(val->cksum,2,asn1_decode_checksum);
-       get_lenfield(val->auth_package.length,val->auth_package.data,3,asn1_decode_generalstring);
-       end_structure();
+        get_field(val->user,0,asn1_decode_principal_name);
+        get_field(val->user,1,asn1_decode_realm);
+        get_field(val->cksum,2,asn1_decode_checksum);
+        get_lenfield(val->auth_package.length,val->auth_package.data,3,asn1_decode_generalstring);
+        end_structure();
     }
     cleanup();
 }
@@ -1221,8 +1221,8 @@ asn1_error_code asn1_decode_pa_pac_req(asn1buf *buf, krb5_pa_pac_req *val)
 {
     setup();
     { begin_structure();
-       get_field(val->include_pac,0,asn1_decode_boolean);
-       end_structure();
+        get_field(val->include_pac,0,asn1_decode_boolean);
+        end_structure();
     }
     cleanup();
 }
index 22ef2643183d87c9ff87a2543391bf40f9257ab3..3ec84c051eba28086e0ade36f8415c11c73101fc 100644 (file)
@@ -234,10 +234,10 @@ asn1_error_code asn1_decode_sequence_of_algorithm_identifier
         (asn1buf *buf, krb5_algorithm_identifier ***val);
 
 asn1_error_code asn1_decode_setpw_req
-       (asn1buf *buf, krb5_data *rep, krb5_principal *principal);
+        (asn1buf *buf, krb5_data *rep, krb5_principal *principal);
 asn1_error_code asn1_decode_pa_for_user
-       (asn1buf *buf, krb5_pa_for_user *val);
+        (asn1buf *buf, krb5_pa_for_user *val);
 asn1_error_code asn1_decode_pa_pac_req
-       (asn1buf *buf, krb5_pa_pac_req *val);
+        (asn1buf *buf, krb5_pa_pac_req *val);
 
 #endif
index 3308d0ea14dbcfd624c259f061572e7d5b722243..1f2cce803eb0d41af338c3a00930223a87e07cef 100644 (file)
@@ -82,7 +82,7 @@ DEFFNLENTYPE(generalstring, char *, asn1_encode_generalstring);
 DEFFNLENTYPE(u_generalstring, unsigned char *, asn1_encode_generalstring);
 DEFFNLENTYPE(opaque, char *, asn1_encode_opaque);
 
-DEFFIELDTYPE(gstring_data, krb5_data, 
+DEFFIELDTYPE(gstring_data, krb5_data,
              FIELDOF_STRING(krb5_data, generalstring, data, length, -1));
 DEFPTRTYPE(gstring_data_ptr,gstring_data);
 
@@ -247,7 +247,7 @@ static const struct field_info enc_kdc_rep_part_fields[] = {
     /* caddr[11]                HostAddresses OPTIONAL */
     FIELDOF_OPT(krb5_enc_kdc_rep_part, ptr_seqof_host_addresses, caddrs,
                 11, 11),
-    /* encrypted-pa-data[12]   SEQUENCE OF PA-DATA OPTIONAL */
+    /* encrypted-pa-data[12]    SEQUENCE OF PA-DATA OPTIONAL */
     FIELDOF_OPT(krb5_enc_kdc_rep_part, ptr_seqof_pa_data, enc_padata, 12, 12),
 };
 static unsigned int optional_enc_kdc_rep_part(const void *p)
@@ -1174,7 +1174,7 @@ DEFSEQTYPE(pa_pac_request, krb5_pa_pac_req, pa_pac_request_fields, 0);
 #endif
 
 /* RFC 4537 */
-DEFFIELDTYPE(etype_list, krb5_etype_list, 
+DEFFIELDTYPE(etype_list, krb5_etype_list,
              FIELDOF_SEQOF_INT32(krb5_etype_list, int32_ptr, etypes, length, -1));
 
 /* Exported complete encoders -- these produce a krb5_data with
index b8efabaca4e1996c57c524cd1353721909af3650..71ad03b2460d829ca98363eacd1dbb3e9c4b2938 100644 (file)
 #include <stdio.h>
 #include "asn1_get.h"
 
+#ifdef USE_VALGRIND
+#include <valgrind/memcheck.h>
+#else
+#define VALGRIND_CHECK_READABLE(PTR,SIZE) ((void)0)
+#endif
+
 #if !defined(__GNUC__) || defined(CONFIG_SMALL)
 /* Declare private procedures as static if they're not used for inline
    expansion of other stuff elsewhere.  */
@@ -181,6 +187,7 @@ asn1buf_insert_bytestring(asn1buf *buf, const unsigned int len, const void *sv)
 
     retval = asn1buf_ensure_space(buf,len);
     if (retval) return retval;
+    VALGRIND_CHECK_READABLE(sv, len);
     for (length=1; length<=len; length++,(buf->next)++)
         *(buf->next) = (s[len-length]);
     return 0;
index c413a32f19c6f8b6eafb66c6c41362f97a420288..2d9a3daf7fc5ae82fd27f653d25a89fa1120fc70 100644 (file)
@@ -952,8 +952,8 @@ krb5_error_code decode_krb5_predicted_sam_response(const krb5_data *code, krb5_p
 }
 
 krb5_error_code decode_krb5_setpw_req(const krb5_data *code,
-                                     krb5_data **rep,
-                                     krb5_principal *principal)
+                                      krb5_data **rep,
+                                      krb5_principal *principal)
 {
     setup_buf_only();
     alloc_field(*rep, krb5_data);
index 53feb6dd6ba0b8d93a558d706463acbbb3d0f27e..985381a25414fc26c39d7468935618929be25456 100644 (file)
@@ -46,13 +46,13 @@ typedef int asn1_tagnum;
 #define KVNO 5
 
 /* Universal Tag Numbers */
-#define ASN1_BOOLEAN           1
+#define ASN1_BOOLEAN            1
 #define ASN1_INTEGER            2
 #define ASN1_BITSTRING          3
 #define ASN1_OCTETSTRING        4
 #define ASN1_NULL               5
 #define ASN1_OBJECTIDENTIFIER   6
-#define ASN1_ENUMERATED                10
+#define ASN1_ENUMERATED         10
 #define ASN1_SEQUENCE           16
 #define ASN1_SET                17
 #define ASN1_PRINTABLESTRING    19
index f30ae212271c4f142dd83f4da3902a95dca79b94..8a8a9b3c04eb8788e9c8adab9fbdc654697884e5 100644 (file)
@@ -1341,6 +1341,7 @@ krb5_get_init_creds(krb5_context context,
                                                 &err_reply->client->realm,
                                                 &referred_client.realm);
                krb5_free_error(context, err_reply);
+               err_reply = NULL;
                if (ret)
                    goto cleanup;
                request.client = &referred_client;
index 3cfc188c517b6522dc8b128279bc2e03656c8ec1..196b627d8b0627944696ce9f2f237e6a9a7f4138 100644 (file)
@@ -230,7 +230,7 @@ krb5_pac_get_buffer(krb5_context context,
        return ret;
  
     data->data = malloc(d.length);
-    if (data == NULL)
+    if (data->data == NULL)
        return ENOMEM;
 
     data->length = d.length;
@@ -307,25 +307,25 @@ krb5_pac_parse(krb5_context context,
 {
     krb5_error_code ret;
     size_t i;
-    PACTYPE header;
     const unsigned char *p = (const unsigned char *)ptr;
     krb5_pac pac;
     size_t header_len;
+    krb5_ui_4 cbuffers, version;
 
     *ppac = NULL;
 
     if (len < PACTYPE_LENGTH)
        return ERANGE;
 
-    header.cBuffers = load_32_le(p);
+    cbuffers = load_32_le(p);
     p += 4;
-    header.Version = load_32_le(p);
+    version = load_32_le(p);
     p += 4;
 
-    if (header.Version != 0)
+    if (version != 0)
        return EINVAL;
 
-    header_len = PACTYPE_LENGTH + (header.cBuffers * PAC_INFO_BUFFER_LENGTH);
+    header_len = PACTYPE_LENGTH + (cbuffers * PAC_INFO_BUFFER_LENGTH);
     if (len < header_len)
        return ERANGE;
 
@@ -334,13 +334,14 @@ krb5_pac_parse(krb5_context context,
        return ret;
 
     pac->pac = (PACTYPE *)realloc(pac->pac,
-       sizeof(PACTYPE) + ((header.cBuffers - 1) * sizeof(PAC_INFO_BUFFER)));
+       sizeof(PACTYPE) + ((cbuffers - 1) * sizeof(PAC_INFO_BUFFER)));
     if (pac->pac == NULL) {
        krb5_pac_free(context, pac);
        return ENOMEM;
     }
 
-    memcpy(pac->pac, &header, sizeof(header));
+    pac->pac->cBuffers = cbuffers;
+    pac->pac->Version = version;
 
     for (i = 0; i < pac->pac->cBuffers; i++) {
        PAC_INFO_BUFFER *buffer = &pac->pac->Buffers[i];
index 5c705490d3e243f5dad7cbd755f69597f588ea95..87548097a53a100a825d40929f2dece2faf7e23d 100644 (file)
@@ -82,6 +82,8 @@ k5_parse_name(krb5_context context, const char *name,
        unsigned int    enterprise = (flags & KRB5_PRINCIPAL_PARSE_ENTERPRISE);
        int             first_at;
 
+       *nprincipal = NULL;
+
        /*
         * Pass 1.  Find out how many components there are to the name,
         * and get string sizes for the first FCOMPNUM components. For
index 77cda8032a5fe82f3a30e33718a0b70c39621e8a..47973bbd8c920eff3ee4eb2ee6d4a9fe129bbd29 100644 (file)
@@ -37,7 +37,10 @@ krb5_read_message(krb5_context context, krb5_pointer fdp, krb5_data *inbuf)
        int             len2, ilen;
        char            *buf = NULL;
        int             fd = *( (int *) fdp);
-       
+
+       inbuf->data = NULL;
+       inbuf->length = 0;
+
        if ((len2 = krb5_net_read(context, fd, (char *)&len, 4)) != 4)
                return((len2 < 0) ? errno : ECONNABORTED);
        len = ntohl(len);
index 44013dafc0a6674348bc527c172ca8590fd146df..0486162083c83c948fda25a5baa02673d9625736 100644 (file)
@@ -396,7 +396,7 @@ parse_counted_string(char **strptr, char **result)
  * Hash extension records have the format:
  *  client = <empty string>
  *  server = HASH:<msghash> <clientlen>:<client> <serverlen>:<server>
- * Spaces in the client and server string are represented with 
+ * Spaces in the client and server string are represented with
  * with backslashes.  Client and server lengths are represented in
  * ASCII decimal (which is different from the 32-bit binary we use
  * elsewhere in the replay cache).
@@ -658,8 +658,8 @@ krb5_rc_io_store(krb5_context context, struct dfl_data *t,
     size_t clientlen, serverlen;
     unsigned int len;
     krb5_error_code ret;
-    struct k5buf buf;
-    char *ptr;
+    struct k5buf buf, extbuf;
+    char *ptr, *extstr;
 
     clientlen = strlen(rep->client);
     serverlen = strlen(rep->server);
@@ -670,8 +670,6 @@ krb5_rc_io_store(krb5_context context, struct dfl_data *t,
          * in regular format (without the message hash) for the
          * benefit of old implementations.
          */
-        struct k5buf extbuf;
-        char *extstr;
 
         /* Format the extension value so we know its length. */
         krb5int_buf_init_dynamic(&extbuf);
index 5abf109c6c09b03aab01f1765d589f0520d58360..82b56297b4c9f5aaf1650cec799ec4bcb9ab1ccd 100644 (file)
@@ -223,7 +223,7 @@ krb5_rc_io_open_internal(krb5_context context, krb5_rc_iostuff *d, char *fn,
     krb5_error_code retval = 0;
     int do_not_unlink = 1;
 #ifndef NO_USERID
-    struct stat statb;
+    struct stat sb1, sb2;
 #endif
     char *dir;
     size_t dirlen;
@@ -239,24 +239,50 @@ krb5_rc_io_open_internal(krb5_context context, krb5_rc_iostuff *d, char *fn,
 
 #ifdef NO_USERID
     d->fd = THREEPARAMOPEN(d->fn, O_RDWR | O_BINARY, 0600);
+    if (d->fd == -1) {
+        retval = rc_map_errno(context, errno, d->fn, "open");
+        goto cleanup;
+    }
 #else
-    if ((d->fd = stat(d->fn, &statb)) != -1) {
-        uid_t me;
-
-        me = geteuid();
-        /* must be owned by this user, to prevent some security problems with
-         * other users modifying replay cache stufff */
-        if ((statb.st_uid != me) || ((statb.st_mode & S_IFMT) != S_IFREG)) {
-            FREE(d->fn);
-            return KRB5_RC_IO_PERM;
-        }
-        d->fd = THREEPARAMOPEN(d->fn, O_RDWR | O_BINARY, 0600);
+    d->fd = -1;
+    retval = lstat(d->fn, &sb1);
+    if (retval != 0) {
+        retval = rc_map_errno(context, errno, d->fn, "lstat");
+        goto cleanup;
     }
-#endif
-    if (d->fd == -1) {
+    d->fd = THREEPARAMOPEN(d->fn, O_RDWR | O_BINARY, 0600);
+    if (d->fd < 0) {
         retval = rc_map_errno(context, errno, d->fn, "open");
         goto cleanup;
     }
+    retval = fstat(d->fd, &sb2);
+    if (retval < 0) {
+        retval = rc_map_errno(context, errno, d->fn, "fstat");
+        goto cleanup;
+    }
+    /* check if someone was playing with symlinks */
+    if ((sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino)
+        || (sb1.st_mode & S_IFMT) != S_IFREG)
+        {
+            retval = KRB5_RC_IO_PERM;
+            krb5_set_error_message(context, retval,
+                                   "rcache not a file %s", d->fn);
+            goto cleanup;
+        }
+    /* check that non other can read/write/execute the file */
+    if (sb1.st_mode & 077) {
+        krb5_set_error_message(context, retval, "Insecure file mode "
+                               "for replay cache file %s", d->fn);
+        return KRB5_RC_IO_UNKNOWN;
+    }
+    /* owned by me */
+    if (sb1.st_uid != geteuid()) {
+        retval = KRB5_RC_IO_PERM;
+        krb5_set_error_message(context, retval, "rcache not owned by %d",
+                               (int)geteuid());
+        goto cleanup;
+    }
+#endif
     set_cloexec_fd(d->fd);
 
     do_not_unlink = 0;
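Review bot: The "Insecure file mode" branch returns `KRB5_RC_IO_UNKNOWN` directly instead of going through `cleanup` like every other failure path added here, so the descriptor opened just above stays open (and presumably `d->fn` is not released; the cleanup code is outside this hunk). It also passes `retval` to `krb5_set_error_message` while `retval` still holds the 0 from the successful `fstat`, so the message is attached to the wrong code. Setting `retval = KRB5_RC_IO_UNKNOWN;` before the message call and ending the branch with `goto cleanup;` fixes both. The type, mode and owner checks read `sb1` from `lstat`; reading `sb2` from `fstat` would tie them to the file that was actually opened.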
index c17fa8aff3e1a79cde750b4cd61a0dd09f7d3983..5b860f1b3ab4fd4b813655afdf9dea1d683d64c5 100644 (file)
@@ -9,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -23,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * replay cache default operations vector.
  */
index 427991c2eff41e52a722e662e98cc9368608ad15..d32d6547ce8c24d9255169567c1373c8e7471744 100644 (file)
@@ -9,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -23,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * t_replay.c: Command-line interfaces to aid testing of replay cache
  *
  */
@@ -68,6 +68,9 @@ static void dump_rcache(const char *filename)
     FILE *fp;
     krb5_deltat lifespan;
     krb5_int16 vno;
+    char *str;
+    krb5_int32 usec;
+    krb5_timestamp timestamp;
 
     fp = fopen(filename, "r");
     if (!fp) {
@@ -80,10 +83,6 @@ static void dump_rcache(const char *filename)
         return;
     printf("Lifespan: %ld\n", (long) lifespan);
     while (1) {
-        char *str;
-        krb5_int32 usec;
-        krb5_timestamp timestamp;
-
         printf("---\n");
 
         if (!(str = read_counted_string(fp)))
@@ -114,6 +113,7 @@ static void store(krb5_context ctx, char *rcspec, char *client, char *server,
     krb5_error_code retval = 0;
     char *hash = NULL;
     krb5_donot_replay rep;
+    krb5_data d;
 
     if (now_timestamp > 0)
         krb5_set_debugging_time(ctx, now_timestamp, now_usec);
@@ -122,8 +122,6 @@ static void store(krb5_context ctx, char *rcspec, char *client, char *server,
     if ((retval = krb5_rc_recover_or_initialize(ctx, rc, ctx->clockskew)))
         goto cleanup;
     if (msg) {
-        krb5_data d;
-
         d.data = msg;
         d.length = strlen(msg);
         if ((retval = krb5_rc_hash_message(ctx, &d, &hash)))
index 417786572c46bba86325cf6a317f67ccf29405d5..5eb6eaa0c04310bbb6fe2f7be01bfd4c14e0a81c 100644 (file)
@@ -56,6 +56,9 @@ static char sccsid[] = "@(#)xdr.c 1.35 87/08/12";
 
 #ifdef USE_VALGRIND
 #include <valgrind/memcheck.h>
+#else
+#define VALGRIND_CHECK_DEFINED(LVALUE)         ((void)0)
+#define VALGRIND_CHECK_READABLE(PTR,SIZE)      ((void)0)
 #endif
 
 /*
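Review bot: The no-op fallbacks for `VALGRIND_CHECK_DEFINED` and `VALGRIND_CHECK_READABLE` have no comment, although they are what lets the later hunks drop the `#ifdef USE_VALGRIND` guards around each call; something like `/* Without USE_VALGRIND the definedness checks on encoded values compile to nothing. */` above the `#else` branch would make that clear. The stubs correctly discard their arguments, so `*ip`, `*cp` and similar are not evaluated in normal builds. In xdr_char, xdr_u_char and xdr_enum the whole `switch (xdrs->x_op)` is now compiled unconditionally with an ENCODE case that expands to `((void)0);`, which is harmless but worth mentioning in the same comment. These two macro names appear to be the older memcheck spellings, so it is worth confirming that the Valgrind headers in use still provide them.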
@@ -97,9 +100,7 @@ xdr_int(XDR *xdrs, int *ip)
        switch (xdrs->x_op) {
 
        case XDR_ENCODE:
-#ifdef USE_VALGRIND
                VALGRIND_CHECK_DEFINED(*ip);
-#endif
                if (*ip > 0x7fffffffL || *ip < -0x7fffffffL - 1L)
                        return (FALSE);
 
@@ -133,9 +134,7 @@ xdr_u_int(XDR *xdrs, u_int *up)
        switch (xdrs->x_op) {
 
        case XDR_ENCODE:
-#ifdef USE_VALGRIND
                VALGRIND_CHECK_DEFINED(*up);
-#endif
                if (*up > 0xffffffffUL)
                        return (FALSE);
 
@@ -168,9 +167,7 @@ xdr_long(XDR *xdrs, long *lp)
 
        switch (xdrs->x_op) {
        case XDR_ENCODE:
-#ifdef USE_VALGRIND
                VALGRIND_CHECK_DEFINED(*lp);
-#endif
                if (*lp > 0x7fffffffL || *lp < -0x7fffffffL - 1L)
                        return (FALSE);
 
@@ -194,9 +191,7 @@ xdr_u_long(XDR *xdrs, u_long *ulp)
 
        switch (xdrs->x_op) {
        case XDR_ENCODE:
-#ifdef USE_VALGRIND
                VALGRIND_CHECK_DEFINED(*ulp);
-#endif
                if (*ulp > 0xffffffffUL)
                        return (FALSE);
 
@@ -222,9 +217,7 @@ xdr_short(register XDR *xdrs, short *sp)
        switch (xdrs->x_op) {
 
        case XDR_ENCODE:
-#ifdef USE_VALGRIND
                VALGRIND_CHECK_DEFINED(*sp);
-#endif
                l = (long) *sp;
                return (XDR_PUTLONG(xdrs, &l));
 
@@ -255,9 +248,7 @@ xdr_u_short(register XDR *xdrs, u_short *usp)
        switch (xdrs->x_op) {
 
        case XDR_ENCODE:
-#ifdef USE_VALGRIND
                VALGRIND_CHECK_DEFINED(*usp);
-#endif
                l = (u_long) *usp;
                return (XDR_PUTLONG(xdrs, (long *) &l));
 
@@ -283,7 +274,6 @@ xdr_char(XDR *xdrs, char *cp)
 {
        int i;
 
-#ifdef USE_VALGRIND
        switch (xdrs->x_op) {
        case XDR_ENCODE:
                VALGRIND_CHECK_DEFINED(*cp);
@@ -291,7 +281,6 @@ xdr_char(XDR *xdrs, char *cp)
        default:
                break;
        }
-#endif
        i = (*cp);
        if (!xdr_int(xdrs, &i)) {
                return (FALSE);
@@ -308,7 +297,6 @@ xdr_u_char(XDR *xdrs, u_char *cp)
 {
        u_int u;
 
-#ifdef USE_VALGRIND
        switch (xdrs->x_op) {
        case XDR_ENCODE:
                VALGRIND_CHECK_DEFINED(*cp);
@@ -316,7 +304,6 @@ xdr_u_char(XDR *xdrs, u_char *cp)
        default:
                break;
        }
-#endif
        u = (*cp);
        if (!xdr_u_int(xdrs, &u)) {
                return (FALSE);
@@ -336,9 +323,7 @@ xdr_bool(register XDR *xdrs, bool_t *bp)
        switch (xdrs->x_op) {
 
        case XDR_ENCODE:
-#ifdef USE_VALGRIND
                VALGRIND_CHECK_DEFINED(*bp);
-#endif
                lb = *bp ? XDR_TRUE : XDR_FALSE;
                return (XDR_PUTLONG(xdrs, &lb));
 
@@ -367,7 +352,6 @@ xdr_enum(XDR *xdrs, enum_t *ep)
        /*
         * enums are treated as ints
         */
-#ifdef USE_VALGRIND
        switch (xdrs->x_op) {
        case XDR_ENCODE:
                VALGRIND_CHECK_DEFINED(*ep);
@@ -375,7 +359,6 @@ xdr_enum(XDR *xdrs, enum_t *ep)
        default:
                break;
        }
-#endif
        if (sizeof (enum sizecheck) == sizeof (long)) {
                return (xdr_long(xdrs, (long *)ep));
        } else if (sizeof (enum sizecheck) == sizeof (int)) {
@@ -425,9 +408,7 @@ xdr_opaque(XDR *xdrs, caddr_t cp, u_int cnt)
        }
 
        if (xdrs->x_op == XDR_ENCODE) {
-#ifdef USE_VALGRIND
                VALGRIND_CHECK_READABLE((volatile void *)cp, cnt);
-#endif
                if (!XDR_PUTBYTES(xdrs, cp, cnt)) {
                        return (FALSE);
                }
@@ -518,9 +499,7 @@ xdr_int32(XDR *xdrs, int32_t *ip)
        switch (xdrs->x_op) {
 
        case XDR_ENCODE:
-#ifdef USE_VALGRIND
                VALGRIND_CHECK_DEFINED(*ip);
-#endif
                l = *ip;
                return (xdr_long(xdrs, &l));    
 
@@ -545,9 +524,7 @@ xdr_u_int32(XDR *xdrs, uint32_t *up)
        switch (xdrs->x_op) {
 
        case XDR_ENCODE:
-#ifdef USE_VALGRIND
                VALGRIND_CHECK_DEFINED(*up);
-#endif
                ul = *up;
                return (xdr_u_long(xdrs, &ul));    
 
index b68b1dc9187f30e350422b7aad5281d3ec4a2dd2..c1a66088a0d28691a0e61477f5fdfed269287d8f 100644 (file)
@@ -328,6 +328,8 @@ init_hash(hashp, file, info)
                if (stat(file, &statbuf))
                        return (NULL);
                hashp->hdr.bsize = statbuf.st_blksize;
+               if (hashp->hdr.bsize > MAX_BSIZE)
+                   hashp->hdr.bsize = MAX_BSIZE;
                hashp->hdr.bshift = __log2(hashp->hdr.bsize);
        }
        if (info) {
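Review bot: The clamp tests `hashp->hdr.bsize` only after `statbuf.st_blksize` has been stored into it, so if the header field is narrower than `st_blksize` the value is converted before it is bounded. Bounding the stat field first avoids that: `hashp->hdr.bsize = statbuf.st_blksize > MAX_BSIZE ? MAX_BSIZE : statbuf.st_blksize;`. Only the upper limit is enforced; a zero or non-power-of-two `st_blksize` still reaches `__log2`, and whether `bshift` then agrees with `bsize` depends on code outside the hunk. A one-line comment tying the cap to the filesystem record sizes above 64K named in the commit message would help the next reader. init_hash's body starts and continues outside the hunk.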
index 15bbbb85c0dde841e738cabe9f66642cd027ea1c..c402e2ee1099531039fd70ad67538d982f4d8b00 100644 (file)
@@ -2259,6 +2259,9 @@ server_process_dh(krb5_context context,
     unsigned char *p = NULL;
     ASN1_INTEGER *pub_key = NULL;
 
+    *dh_pubkey = *server_key = NULL;
+    *dh_pubkey_len = *server_key_len = 0;
+
     /* get client's received DH parameters that we saved in server_check_dh */
     dh = cryptoctx->dh;
 
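Review bot: All four output pointers are dereferenced at the top of server_process_dh before any argument check, so the function now requires `dh_pubkey`, `dh_pubkey_len`, `server_key` and `server_key_len` to be non-NULL. That contract should be stated next to the new lines, e.g. `/* Outputs are always written: NULL/0 until successfully filled in. */`. Clearing the outputs up front keeps a caller from freeing or reading indeterminate values after an early failure. It only helps fully if the error path also frees and resets anything assigned part-way. That path is outside the hunk, as is the rest of the function body.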
index 20aefc3679b9505efb2c1ab904869938f1afe940..1b937a3ed80ba93f85ff6b78cf132288bb04891f 100644 (file)
@@ -10,7 +10,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
  * this permission notice appear in supporting documentation, and that
  * the name of M.I.T. not be used in advertising or publicity pertaining
  * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
+ * permission.  Furthermore if you modify this software you must label
  * your software as modified software and not distribute it in such a
  * fashion that it might be confused with the original M.I.T. software.
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * Internal declarations for the k5buf string buffer module.
  */
 
index 0bdffb1ad254dcbed7e3c7f01bcc9ef1ca0f0e63..98bb38e408896a73b25906a955c5f54453e1f736 100644 (file)
@@ -10,7 +10,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
  * this permission notice appear in supporting documentation, and that
  * the name of M.I.T. not be used in advertising or publicity pertaining
  * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
+ * permission.  Furthermore if you modify this software you must label
  * your software as modified software and not distribute it in such a
  * fashion that it might be confused with the original M.I.T. software.
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * Implement the k5buf string buffer module.
  */
 
@@ -43,7 +43,7 @@
      len < space
      data[len] = '\0'
 */
+
 /* Make sure there is room for LEN more characters in BUF, in addition
    to the null terminator and what's already in there.  Return true on
    success.  On failure, set the error flag and return false. */
index bb60db44027544dd0c1c82c4fb5303290ef3d38f..68916b360591cac2000473f3ca2ff6f1b984b377 100644 (file)
@@ -10,7 +10,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
  * this permission notice appear in supporting documentation, and that
  * the name of M.I.T. not be used in advertising or publicity pertaining
  * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
+ * permission.  Furthermore if you modify this software you must label
  * your software as modified software and not distribute it in such a
  * fashion that it might be confused with the original M.I.T. software.
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * Test the k5buf string buffer module.
  */
 
@@ -35,8 +35,8 @@
 static void fail_if(int condition, const char *name)
 {
     if (condition) {
-       fprintf(stderr, "%s failed\n", name);
-       exit(1);
+        fprintf(stderr, "%s failed\n", name);
+        exit(1);
     }
 }
 
@@ -44,9 +44,9 @@ static void fail_if(int condition, const char *name)
 static void check_buf(struct k5buf *buf, const char *name)
 {
     fail_if(buf->buftype != FIXED && buf->buftype != DYNAMIC
-           && buf->buftype != ERROR, name);
+            && buf->buftype != ERROR, name);
     if (buf->buftype == ERROR)
-       return;
+        return;
     fail_if(buf->space == 0, name);
     fail_if(buf->space > SPACE_MAX, name);
     fail_if(buf->len >= buf->space, name);
@@ -85,7 +85,7 @@ static void test_realloc()
     size_t i;
 
     for (i = 0; i < sizeof(data); i++)
-       data[i] = 'a';
+        data[i] = 'a';
 
     /* Cause the buffer size to double from 128 to 256 bytes. */
     krb5int_buf_init_dynamic(&buf);
@@ -236,7 +236,7 @@ static void test_fmt()
     size_t i;
 
     for (i = 0; i < sizeof(data) - 1; i++)
-       data[i] = 'a';
+        data[i] = 'a';
     data[i] = '\0';
 
     /* Format some text into a non-empty fixed buffer. */