NULL,
error_client,
error_server,
- NULL,
- NULL,
+ csec,
+ cusec,
e_data);
if (ret) {
kdc_log(r->context, r->config, 1,
error_client = NULL;
error_server = NULL;
}
- csec = 0;
- cusec = 0;
+ csec = NULL;
+ cusec = NULL;
}
ret = krb5_mk_error(r->context,
*
*/
if (fxreq.u.armored_data.armor != NULL) {
+ krb5uint32 kvno;
+ krb5uint32 *kvno_ptr = NULL;
+
if (fxreq.u.armored_data.armor->armor_type != 1) {
kdc_log(r->context, r->config, 4,
"Incorrect AS-REQ armor type");
goto out;
}
+ if (ap_req.ticket.enc_part.kvno != NULL) {
+ kvno = *ap_req.ticket.enc_part.kvno;
+ kvno_ptr = &kvno;
+ }
+
ret = _kdc_db_fetch(r->context, r->config, armor_server_principal,
HDB_F_GET_KRBTGT | HDB_F_DELAY_NEW_KEYS,
- (krb5uint32 *)ap_req.ticket.enc_part.kvno,
+ kvno_ptr,
&r->armor_serverdb, &r->armor_server);
if(ret == HDB_ERR_NOT_FOUND_HERE) {
free_AP_REQ(&ap_req);
unsigned char *p;
ret = _kdc_serialize_ecdh_key(context, cp->u.ecdh.key, &p,
&dh_info.subjectPublicKey.length);
- dh_info.subjectPublicKey.data = p;
if (ret)
goto out;
+ dh_info.subjectPublicKey.data = p;
} else
krb5_abortx(context, "no keyex selected ?");
int
BN_is_bit_set(const BIGNUM *bn, int bit)
{
- heim_integer *hi = (heim_integer *)bn;
+ const heim_integer *hi = (const heim_integer *)bn;
unsigned char *p = hi->data;
if ((bit / 8) >= hi->length || hi->length == 0)
unsigned long
BN_get_word(const BIGNUM *bn)
{
- heim_integer *hi = (heim_integer *)bn;
+ const heim_integer *hi = (const heim_integer *)bn;
unsigned long num = 0;
int i;
if (salt && saltlen > 0) {
for (i = 0; i < vlen; i++)
- I[i] = ((unsigned char*)salt)[i % saltlen];
+ I[i] = ((const unsigned char*)salt)[i % saltlen];
size_I += vlen;
}
/*
if (key) {
for (i = 0; i < vlen / 2; i++) {
I[(i * 2) + size_I] = 0;
- I[(i * 2) + size_I + 1] = ((unsigned char*)key)[i % (keylen + 1)];
+ I[(i * 2) + size_I + 1] = ((const unsigned char*)key)[i % (keylen + 1)];
}
size_I += vlen;
}
/* Extra ':'s? No virtualization for you! */
free(host);
host = NULL;
- htmp = NULL;
} else {
*htmp = '\0';
}
if (ret)
return ret;
+ memset(&tm, 0, sizeof tm);
tmp = strptime(gentime, "%Y%m%d%H%M%SZ", &tm);
if (tmp == NULL) {
free(gentime);
p = strchr(freeme, ':');
if (!p) {
hx509_set_error_string(context, 0, EINVAL,
- "Invalid PermanentIdentifier string (should be \"[<oid>]:[<id>]\")",
- oidstr);
+ "Invalid PermanentIdentifier string (should be \"[<oid>]:[<id>]\")");
free(freeme);
return EINVAL;
}
if (!p) {
hx509_set_error_string(context, 0, EINVAL,
"Invalid HardwareModuleName string (should be "
- "\"<oid>:<serial>\")",
- oidstr);
+ "\"<oid>:<serial>\")");
free(freeme);
return EINVAL;
}
hx509_set_error_string(context, 0, ret, "Out of memory");
goto out;
}
- RAND_bytes(tbsc->serialNumber.data, tbsc->serialNumber.length);
+ ret = RAND_bytes(tbsc->serialNumber.data, tbsc->serialNumber.length);
+ if (ret != 1) {
+ ret = HX509_CRYPTO_INTERNAL_ERROR;
+ hx509_set_error_string(context, 0, ret, "Failed to generate random bytes");
+ goto out;
+ }
((unsigned char *)tbsc->serialNumber.data)[0] &= 0x7f;
((unsigned char *)tbsc->serialNumber.data)[0] |= 0x40;
}
if (signer_info->signature.length == 0) {
ret = HX509_CMS_MISSING_SIGNER_DATA;
hx509_set_error_string(context, 0, ret,
- "SignerInfo %d in SignedData "
+ "SignerInfo %zu in SignedData "
"missing sigature", i);
continue;
}
char *rest;
int at_s;
+ memset(&at_tm, 0, sizeof at_tm);
if ((rest = strptime(s, "%Y-%m-%dT%H:%M:%S", &at_tm)) != NULL &&
rest[0] == '\0')
return mktime(&at_tm);
+ memset(&at_tm, 0, sizeof at_tm);
if ((rest = strptime(s, "%Y%m%d%H%M%S", &at_tm)) != NULL && rest[0] == '\0')
return mktime(&at_tm);
if ((at_s = parse_time(s, "s")) != -1)
if (strcmp(enc, "4,ENCRYPTED") != 0) {
hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
"Private key encrypted in unknown method %s "
- "in file",
+ "in file %s",
enc, fn);
hx509_clear_error_string(context);
return HX509_PARSING_KEY_FAILED;
init_ccapi(krb5_context context)
{
const char *lib = NULL;
+#ifdef HAVE_DLOPEN
char *explib = NULL;
+#endif
HEIMDAL_MUTEX_lock(&acc_mutex);
if (init_func) {
ap.ap_options.use_session_key = (ap_options & AP_OPTS_USE_SESSION_KEY) > 0;
ap.ap_options.mutual_required = (ap_options & AP_OPTS_MUTUAL_REQUIRED) > 0;
- decode_Ticket(cred->ticket.data, cred->ticket.length, &ap.ticket, &len);
+ ret = decode_Ticket(cred->ticket.data, cred->ticket.length, &ap.ticket, &len);
+ if (ret)
+ return ret;
+ if (cred->ticket.length != len)
+ krb5_abortx(context, "internal error in ASN.1 encoder");
ap.authenticator.etype = enctype;
ap.authenticator.kvno = NULL;
ap.authenticator.cipher = authenticator;
static krb5_error_code
cc_ops_register(krb5_context context)
{
+ krb5_error_code ret;
+
context->cc_ops = NULL;
context->num_cc_ops = 0;
#ifndef KCM_IS_API_CACHE
- krb5_cc_register(context, &krb5_acc_ops, TRUE);
+ ret = krb5_cc_register(context, &krb5_acc_ops, TRUE);
+ if (ret)
+ return ret;
#endif
- krb5_cc_register(context, &krb5_fcc_ops, TRUE);
- krb5_cc_register(context, &krb5_dcc_ops, TRUE);
- krb5_cc_register(context, &krb5_mcc_ops, TRUE);
+ ret = krb5_cc_register(context, &krb5_fcc_ops, TRUE);
+ if (ret)
+ return ret;
+ ret = krb5_cc_register(context, &krb5_dcc_ops, TRUE);
+ if (ret)
+ return ret;
+ ret = krb5_cc_register(context, &krb5_mcc_ops, TRUE);
+ if (ret)
+ return ret;
#ifdef HAVE_SCC
- krb5_cc_register(context, &krb5_scc_ops, TRUE);
+ ret = krb5_cc_register(context, &krb5_scc_ops, TRUE);
+ if (ret)
+ return ret;
#endif
#ifdef HAVE_KCM
#ifdef KCM_IS_API_CACHE
- krb5_cc_register(context, &krb5_akcm_ops, TRUE);
+ ret = krb5_cc_register(context, &krb5_akcm_ops, TRUE);
+ if (ret)
+ return ret;
#endif
- krb5_cc_register(context, &krb5_kcm_ops, TRUE);
+ ret = krb5_cc_register(context, &krb5_kcm_ops, TRUE);
+ if (ret)
+ return ret;
#endif
#if defined(HAVE_KEYUTILS_H)
- krb5_cc_register(context, &krb5_krcc_ops, TRUE);
+ ret = krb5_cc_register(context, &krb5_krcc_ops, TRUE);
+ if (ret)
+ return ret;
#endif
- _krb5_load_ccache_plugins(context);
- return 0;
+ ret = _krb5_load_ccache_plugins(context);
+ return ret;
}
static krb5_error_code
static krb5_error_code
kt_ops_register(krb5_context context)
{
+ krb5_error_code ret;
+
context->num_kt_types = 0;
context->kt_types = NULL;
- krb5_kt_register (context, &krb5_fkt_ops);
- krb5_kt_register (context, &krb5_wrfkt_ops);
- krb5_kt_register (context, &krb5_javakt_ops);
- krb5_kt_register (context, &krb5_mkt_ops);
+ ret = krb5_kt_register (context, &krb5_fkt_ops);
+ if (ret)
+ return ret;
+ ret = krb5_kt_register (context, &krb5_wrfkt_ops);
+ if (ret)
+ return ret;
+ ret = krb5_kt_register (context, &krb5_javakt_ops);
+ if (ret)
+ return ret;
+ ret = krb5_kt_register (context, &krb5_mkt_ops);
+ if (ret)
+ return ret;
#ifndef HEIMDAL_SMALLER
- krb5_kt_register (context, &krb5_akf_ops);
+ ret = krb5_kt_register (context, &krb5_akf_ops);
+ if (ret)
+ return ret;
#endif
- krb5_kt_register (context, &krb5_any_ops);
- return 0;
+ ret = krb5_kt_register (context, &krb5_any_ops);
+ return ret;
}
static krb5_error_code
/* init error tables */
_krb5_init_ets(p);
- cc_ops_register(p);
- kt_ops_register(p);
+ ret = cc_ops_register(p);
+ if (ret)
+ goto out;
+ ret = kt_ops_register(p);
+ if (ret)
+ goto out;
#ifdef PKINIT
ret = hx509_context_init(&p->hx509ctx);
code = 0; /* No error */
} else if (r.error_code < 0) {
code = KRB5KRB_ERR_GENERIC; /* ??? */
- } else if (r.error_code <= KX509_ERR_SRV_OVERLOADED) {
+ } else if (r.error_code <= KX509_ERR_SRV_OVERLOADED - ERROR_TABLE_BASE_kx59) {
/*
* RFC6717 (kx509) error code. These are actually not used on the
* wire in any existing implementations that we are aware of. Just
krb5_clear_error_message(context);
return ret;
}
- RAND_bytes(a->clientDHNonce->data, a->clientDHNonce->length);
+ ret = RAND_bytes(a->clientDHNonce->data, a->clientDHNonce->length);
+ if (ret != 1)
+ return KRB5_CRYPTO_INTERNAL;
ret = krb5_copy_data(context, a->clientDHNonce,
&ctx->clientDHNonce);
if (ret)
bytes = sp->fetch(sp, data->data, size);
if (bytes < 0 || bytes != size) {
krb5_data_free(data);
- return (ret < 0)? errno : sp->eof_code;
+ return (bytes < 0)? errno : sp->eof_code;
}
}
return 0;
if (i < size)
c += q[i];
i++;
- p[0] = chars[(c & 0x00000000f800000000ULL) >> 35];
- p[1] = chars[(c & 0x0000000007c0000000ULL) >> 30];
- p[2] = chars[(c & 0x00000000003e000000ULL) >> 25];
- p[3] = chars[(c & 0x000000000001f00000ULL) >> 20];
- p[4] = chars[(c & 0x0000000000000f8000ULL) >> 15];
- p[5] = chars[(c & 0x000000000000007c00ULL) >> 10];
- p[6] = chars[(c & 0x0000000000000003e0ULL) >> 5];
- p[7] = chars[(c & 0x00000000000000001fULL) >> 0];
+ p[0] = chars[(c & 0x000000f800000000ULL) >> 35];
+ p[1] = chars[(c & 0x00000007c0000000ULL) >> 30];
+ p[2] = chars[(c & 0x000000003e000000ULL) >> 25];
+ p[3] = chars[(c & 0x0000000001f00000ULL) >> 20];
+ p[4] = chars[(c & 0x00000000000f8000ULL) >> 15];
+ p[5] = chars[(c & 0x0000000000007c00ULL) >> 10];
+ p[6] = chars[(c & 0x00000000000003e0ULL) >> 5];
+ p[7] = chars[(c & 0x000000000000001fULL) >> 0];
switch (i - size) {
case 4: p[2] = p[3] = '='; HEIM_FALLTHROUGH;
case 3: p[4] = '='; HEIM_FALLTHROUGH;
l2 = re.sub('^ *', '', l2)
l = l[:-2] + l2
if start:
- if re.match('7\.2', l):
+ if re.match(r'7\.2', l):
start = False
else:
- m = re.search('^ *\([A-Z]\) *(.*)$', l);
+ m = re.search(r'^ *\([A-Z]\) *(.*)$', l);
if m:
desc = m.group(1)
codes = []
if m:
cases.append([codes, m.group(1), desc])
else:
- if re.match('^7\.1', l):
+ if re.match(r'^7\.1', l):
start = True
cases = []
examples_c.file.write(
" {%u, {%s}, \"%s\", \"%s\"},\n" %
(len(cp),
- ",".join([re.sub('[uU]\+', '0x', x) for x in cp]),
+ ",".join([re.sub(r'[uU]\+', '0x', x) for x in cp]),
pc,
desc))
projects / thirdparty / samba.git / commitdiff
