oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

remove trailing whitespace

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2008-09-13 09:21:03 +00:00
parent e172367898
commit 6937d41a02
940 changed files with 23827 additions and 23827 deletions
Download Patch File Download Diff File Expand all files Collapse all files

168
kdc/pkinit.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "kdc_locl.h"
@@ -155,7 +155,7 @@ out:
}
void
_kdc_pk_free_client_param(krb5_context context,
_kdc_pk_free_client_param(krb5_context context,
pk_client_params *client_params)
{
if (client_params->cert)
@@ -293,7 +293,7 @@ get_dh_param(krb5_context context,
}
ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits,
ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits,
&dhparam.p, &dhparam.g, &dhparam.q, moduli,
&client_params->dh_group_name);
if (ret) {
@@ -344,7 +344,7 @@ get_dh_param(krb5_context context,
client_params->dh = dh;
dh = NULL;
ret = 0;
out:
if (dh)
DH_free(dh);
@@ -368,7 +368,7 @@ _kdc_pk_rd_padata(krb5_context context,
int have_data = 0;
*ret_params = NULL;
if (!config->enable_pkinit) {
kdc_log(context, config, 0, "PK-INIT request but PK-INIT not enabled");
krb5_clear_error_string(context);
@@ -405,7 +405,7 @@ _kdc_pk_rd_padata(krb5_context context,
&have_data);
free_PA_PK_AS_REQ_Win2k(&r);
if (ret) {
krb5_set_error_message(context, ret,
krb5_set_error_message(context, ret,
"Can't decode PK-AS-REQ: %d", ret);
goto out;
}
@@ -474,7 +474,7 @@ _kdc_pk_rd_padata(krb5_context context,
hx509_query_free(kdc_identity->hx509ctx, q);
if (ret)
continue;
hx509_certs_add(kdc_identity->hx509ctx,
hx509_certs_add(kdc_identity->hx509ctx,
client_params->client_anchors, cert);
hx509_cert_free(cert);
}
@@ -486,12 +486,12 @@ _kdc_pk_rd_padata(krb5_context context,
&have_data);
free_PA_PK_AS_REQ(&r);
if (ret) {
krb5_set_error_message(context, ret,
krb5_set_error_message(context, ret,
"Can't unwrap ContentInfo: %d", ret);
goto out;
}
} else {
} else {
krb5_clear_error_string(context);
ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
goto out;
@@ -500,7 +500,7 @@ _kdc_pk_rd_padata(krb5_context context,
ret = der_heim_oid_cmp(&contentInfoOid, oid_id_pkcs7_signedData());
if (ret != 0) {
ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret,
krb5_set_error_message(context, ret,
"PK-AS-REQ-Win2k invalid content type oid");
goto out;
}
@@ -559,8 +559,8 @@ _kdc_pk_rd_padata(krb5_context context,
krb5_set_error_message(context, ret, "can't decode AuthPack: %d", ret);
goto out;
}
ret = pk_check_pkauthenticator_win2k(context,
ret = pk_check_pkauthenticator_win2k(context,
&ap.pkAuthenticator,
req);
if (ret) {
@@ -590,8 +590,8 @@ _kdc_pk_rd_padata(krb5_context context,
free_AuthPack(&ap);
goto out;
}
ret = pk_check_pkauthenticator(context,
ret = pk_check_pkauthenticator(context,
&ap.pkAuthenticator,
req);
if (ret) {
@@ -603,7 +603,7 @@ _kdc_pk_rd_padata(krb5_context context,
client_params->nonce = ap.pkAuthenticator.nonce;
if (ap.clientPublicValue) {
ret = get_dh_param(context, config,
ret = get_dh_param(context, config,
ap.clientPublicValue, client_params);
if (ret) {
free_AuthPack(&ap);
@@ -705,7 +705,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
break;
default:
krb5_abortx(context, "internal pkinit error");
}
}
if (do_win2k) {
ReplyKeyPack_Win2k kp;
@@ -721,7 +721,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
}
kp.nonce = client_params->nonce;
ASN1_MALLOC_ENCODE(ReplyKeyPack_Win2k,
ASN1_MALLOC_ENCODE(ReplyKeyPack_Win2k,
buf.data, buf.length,
&kp, &size,ret);
free_ReplyKeyPack_Win2k(&kp);
@@ -751,7 +751,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
krb5_clear_error_string(context);
goto out;
}
ret = krb5_crypto_destroy(context, ascrypto);
if (ret) {
krb5_clear_error_string(context);
@@ -779,9 +779,9 @@ pk_mk_pa_reply_enckey(krb5_context context,
hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
ret = hx509_certs_find(kdc_identity->hx509ctx,
kdc_identity->certs,
q,
ret = hx509_certs_find(kdc_identity->hx509ctx,
kdc_identity->certs,
q,
&cert);
hx509_query_free(kdc_identity->hx509ctx, q);
if (ret)
@@ -802,7 +802,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
}
krb5_data_free(&buf);
if (ret)
if (ret)
goto out;
if (client_params->type == PKINIT_WIN2K) {
@@ -818,12 +818,12 @@ pk_mk_pa_reply_enckey(krb5_context context,
ret = hx509_cms_envelope_1(kdc_identity->hx509ctx,
0,
client_params->cert,
signed_data.data, signed_data.length,
signed_data.data, signed_data.length,
envelopedAlg,
oid_id_pkcs7_signedData(), &buf);
if (ret)
goto out;
ret = _krb5_pk_mk_ContentInfo(context,
&buf,
oid_id_pkcs7_envelopedData(),
@@ -875,10 +875,10 @@ pk_mk_pa_reply_dh(krb5_context context,
dh_info.subjectPublicKey.length = buf.length * 8;
dh_info.subjectPublicKey.data = buf.data;
dh_info.nonce = client_params->nonce;
ASN1_MALLOC_ENCODE(KDCDHKeyInfo, buf.data, buf.length, &dh_info, &size,
ASN1_MALLOC_ENCODE(KDCDHKeyInfo, buf.data, buf.length, &dh_info, &size,
ret);
if (ret) {
krb5_set_error_message(context, ret, "ASN.1 encoding of "
@@ -888,7 +888,7 @@ pk_mk_pa_reply_dh(krb5_context context,
if (buf.length != size)
krb5_abortx(context, "Internal ASN.1 encoder error");
/*
/*
* Create the SignedData structure and sign the KdcDHKeyInfo
* filled in above
*/
@@ -904,9 +904,9 @@ pk_mk_pa_reply_dh(krb5_context context,
hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
ret = hx509_certs_find(kdc_identity->hx509ctx,
kdc_identity->certs,
q,
ret = hx509_certs_find(kdc_identity->hx509ctx,
kdc_identity->certs,
q,
&cert);
hx509_query_free(kdc_identity->hx509ctx, q);
if (ret)
@@ -1004,7 +1004,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
rep.element = choice_PA_PK_AS_REP_encKeyPack;
ret = krb5_generate_random_keyblock(context, enctype,
ret = krb5_generate_random_keyblock(context, enctype,
&client_params->reply_key);
if (ret) {
free_PA_PK_AS_REP(&rep);
@@ -1021,8 +1021,8 @@ _kdc_pk_mk_pa_reply(krb5_context context,
free_PA_PK_AS_REP(&rep);
goto out;
}
ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data,
rep.u.encKeyPack.length, &info, &size,
ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data,
rep.u.encKeyPack.length, &info, &size,
ret);
free_ContentInfo(&info);
if (ret) {
@@ -1049,7 +1049,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
return ret;
ret = pk_mk_pa_reply_dh(context, client_params->dh,
client_params,
client_params,
&client_params->reply_key,
&info,
&kdc_cert);
@@ -1100,7 +1100,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
pa_type = KRB5_PADATA_PK_AS_REP_19;
rep.element = choice_PA_PK_AS_REP_encKeyPack;
ret = krb5_generate_random_keyblock(context, enctype,
ret = krb5_generate_random_keyblock(context, enctype,
&client_params->reply_key);
if (ret) {
free_PA_PK_AS_REP_Win2k(&rep);
@@ -1117,8 +1117,8 @@ _kdc_pk_mk_pa_reply(krb5_context context,
free_PA_PK_AS_REP_Win2k(&rep);
goto out;
}
ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data,
rep.u.encKeyPack.length, &info, &size,
ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data,
rep.u.encKeyPack.length, &info, &size,
ret);
free_ContentInfo(&info);
if (ret) {
@@ -1164,7 +1164,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
fd = open(config->pkinit_kdc_ocsp_file, O_RDONLY);
if (fd < 0) {
kdc_log(context, config, 0,
kdc_log(context, config, 0,
"PK-INIT failed to open ocsp data file %d", errno);
goto out_ocsp;
}
@@ -1172,15 +1172,15 @@ _kdc_pk_mk_pa_reply(krb5_context context,
if (ret) {
ret = errno;
close(fd);
kdc_log(context, config, 0,
kdc_log(context, config, 0,
"PK-INIT failed to stat ocsp data %d", ret);
goto out_ocsp;
}
ret = krb5_data_alloc(&ocsp.data, sb.st_size);
if (ret) {
close(fd);
kdc_log(context, config, 0,
kdc_log(context, config, 0,
"PK-INIT failed to stat ocsp data %d", ret);
goto out_ocsp;
}
@@ -1188,7 +1188,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
ret = read(fd, ocsp.data.data, sb.st_size);
close(fd);
if (ret != sb.st_size) {
kdc_log(context, config, 0,
kdc_log(context, config, 0,
"PK-INIT failed to read ocsp data %d", errno);
goto out_ocsp;
}
@@ -1200,7 +1200,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
ocsp.data.data, ocsp.data.length,
&ocsp.expire);
if (ret) {
kdc_log(context, config, 0,
kdc_log(context, config, 0,
"PK-INIT failed to verify ocsp data %d", ret);
krb5_data_free(&ocsp.data);
ocsp.expire = 0;
@@ -1216,7 +1216,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
if (ocsp.expire != 0 && ocsp.expire > kdc_time) {
ret = krb5_padata_add(context, md,
ret = krb5_padata_add(context, md,
KRB5_PADATA_PA_PK_OCSP_RESPONSE,
ocsp.data.data, ocsp.data.length);
if (ret) {
@@ -1237,10 +1237,10 @@ out:
}
static int
match_rfc_san(krb5_context context,
match_rfc_san(krb5_context context,
krb5_kdc_configuration *config,
hx509_context hx509ctx,
hx509_cert client_cert,
hx509_cert client_cert,
krb5_const_principal match)
{
hx509_octet_string_list list;
@@ -1260,7 +1260,7 @@ match_rfc_san(krb5_context context,
KRB5PrincipalName kn;
size_t size;
ret = decode_KRB5PrincipalName(list.val[i].data,
ret = decode_KRB5PrincipalName(list.val[i].data,
list.val[i].length,
&kn, &size);
if (ret) {
@@ -1284,7 +1284,7 @@ match_rfc_san(krb5_context context,
}
out:
hx509_free_octet_string_list(&list);
hx509_free_octet_string_list(&list);
if (ret)
return ret;
@@ -1295,10 +1295,10 @@ out:
}
static int
match_ms_upn_san(krb5_context context,
match_ms_upn_san(krb5_context context,
krb5_kdc_configuration *config,
hx509_context hx509ctx,
hx509_cert client_cert,
hx509_cert client_cert,
krb5_const_principal match)
{
hx509_octet_string_list list;
@@ -1337,7 +1337,7 @@ match_ms_upn_san(krb5_context context,
goto out;
}
/*
/*
* This is very wrong, but will do for now, should really and a
* plugin to the windc layer to very this ACL.
*/
@@ -1349,7 +1349,7 @@ match_ms_upn_san(krb5_context context,
out:
if (principal)
krb5_free_principal(context, principal);
hx509_free_octet_string_list(&list);
hx509_free_octet_string_list(&list);
if (ret)
return ret;
@@ -1383,7 +1383,7 @@ _kdc_pk_check_client(krb5_context context,
return ret;
kdc_log(context, config, 0,
"Trying to authorize PK-INIT subject DN %s",
"Trying to authorize PK-INIT subject DN %s",
*subject_name);
if (config->pkinit_princ_in_cert) {
@@ -1460,7 +1460,7 @@ _kdc_pk_check_client(krb5_context context,
}
static krb5_error_code
add_principal_mapping(krb5_context context,
add_principal_mapping(krb5_context context,
const char *principal_name,
const char * subject)
{
@@ -1502,7 +1502,7 @@ _kdc_add_inital_verified_cas(krb5_context context,
size_t size;
memset(&cas, 0, sizeof(cas));
/* XXX add CAs to cas here */
ASN1_MALLOC_ENCODE(AD_INITIAL_VERIFIED_CAS, data.data, data.length,
@@ -1512,7 +1512,7 @@ _kdc_add_inital_verified_cas(krb5_context context,
if (data.length != size)
krb5_abortx(context, "internal asn.1 encoder error");
ret = _kdc_tkt_add_if_relevant_ad(context, tkt,
ret = _kdc_tkt_add_if_relevant_ad(context, tkt,
KRB5_AUTHDATA_INITIAL_VERIFIED_CAS,
&data);
krb5_data_free(&data);
@@ -1537,7 +1537,7 @@ load_mappings(krb5_context context, const char *fn)
while (fgets(buf, sizeof(buf), f) != NULL) {
char *subject_name, *p;
buf[strcspn(buf, "\n")] = '\0';
lineno++;
@@ -1561,11 +1561,11 @@ load_mappings(krb5_context context, const char *fn)
lineno, buf);
continue;
}
}
}
fclose(f);
}
/*
*
*/
@@ -1637,7 +1637,7 @@ _kdc_pk_initialize(krb5_context context,
"certifiate with a public key");
}
ret = krb5_config_get_bool_default(context,
ret = krb5_config_get_bool_default(context,
NULL,
FALSE,
"kdc",
@@ -1645,7 +1645,7 @@ _kdc_pk_initialize(krb5_context context,
NULL);
_krb5_pk_allow_proxy_certificate(kdc_identity, ret);
file = krb5_config_get_string(context,
file = krb5_config_get_string(context,
NULL,
"kdc",
"pkinit_mappings_file",