oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

remove trailing whitespace

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2008-09-13 09:21:03 +00:00
parent e172367898
commit 6937d41a02
940 changed files with 23827 additions and 23827 deletions
Download Patch File Download Diff File Expand all files Collapse all files

140
lib/gssapi/krb5/accept_sec_context.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "krb5/gsskrb5_locl.h"
@@ -47,7 +47,7 @@ _gsskrb5_register_acceptor_identity (const char *identity)
ret = _gsskrb5_init(&context);
if(ret)
return GSS_S_FAILURE;
HEIMDAL_MUTEX_lock(&gssapi_keytab_mutex);
if(_gsskrb5_keytab != NULL) {
@@ -97,7 +97,7 @@ _gsskrb5i_is_cfx(gsskrb5_ctx ctx, int *is_cfx)
if (key == NULL)
return;
switch (key->keytype) {
case ETYPE_DES_CBC_CRC:
case ETYPE_DES_CBC_MD4:
@@ -128,7 +128,7 @@ gsskrb5_accept_delegated_token
krb5_ccache ccache = NULL;
krb5_error_code kret;
int32_t ac_flags, ret = GSS_S_COMPLETE;
*minor_status = 0;
/* XXX Create a new delegated_cred_handle? */
@@ -148,7 +148,7 @@ gsskrb5_accept_delegated_token
ctx->flags &= ~GSS_C_DELEG_FLAG;
goto out;
}
krb5_auth_con_removeflags(context,
ctx->auth_context,
KRB5_AUTH_CONTEXT_DO_TIME,
@@ -179,7 +179,7 @@ gsskrb5_accept_delegated_token
goto out;
handle = (gsskrb5_cred) *delegated_cred_handle;
handle->cred_flags |= GSS_CF_DESTROY_CRED_ON_RELEASE;
krb5_cc_close(context, ccache);
ccache = NULL;
@@ -219,7 +219,7 @@ gsskrb5_acceptor_ready(OM_uint32 * minor_status,
if (ret)
return ret;
/*
/*
* If requested, set local sequence num to remote sequence if this
* isn't a mutual authentication context
*/
@@ -282,7 +282,7 @@ send_error_token(OM_uint32 *minor_status,
}
server = ap_req_server;
}
ret = krb5_mk_error(context, kret, NULL, NULL, NULL,
server, NULL, NULL, &outbuf);
if (ap_req_server)
@@ -291,7 +291,7 @@ send_error_token(OM_uint32 *minor_status,
*minor_status = ret;
return GSS_S_FAILURE;
}
ret = _gsskrb5_encapsulate(minor_status,
&outbuf,
output_token,
@@ -352,7 +352,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
} else if (acceptor_cred->keytab != NULL) {
keytab = acceptor_cred->keytab;
}
/*
* We need to check the ticket and create the AP-REP packet
*/
@@ -382,7 +382,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
in, &out);
krb5_rd_req_in_ctx_free(context, in);
if (kret == KRB5KRB_AP_ERR_SKEW) {
/*
/*
* No reply in non-MUTUAL mode, but we don't know that its
* non-MUTUAL mode yet, thats inside the 8003 checksum, so
* lets only send the error token on clock skew, that
@@ -401,7 +401,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
kret = krb5_rd_req_out_get_ap_req_options(context, out,
&ap_options);
if (kret == 0)
kret = krb5_rd_req_out_get_ticket(context, out,
kret = krb5_rd_req_out_get_ticket(context, out,
&ctx->ticket);
if (kret == 0)
kret = krb5_rd_req_out_get_keyblock(context, out,
@@ -415,8 +415,8 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
return ret;
}
}
/*
* We need to copy the principal names to the context and the
* calling layer.
@@ -429,7 +429,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
*minor_status = kret;
}
kret = krb5_copy_principal(context,
kret = krb5_copy_principal(context,
ctx->ticket->server,
&ctx->target);
if (kret) {
@@ -437,7 +437,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
*minor_status = kret;
return ret;
}
/*
* We need to setup some compat stuff, this assumes that
* context_handle->target is already set.
@@ -462,7 +462,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
*/
{
krb5_authenticator authenticator;
kret = krb5_auth_con_getauthenticator(context,
ctx->auth_context,
&authenticator);
@@ -486,8 +486,8 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
} else {
krb5_crypto crypto;
kret = krb5_crypto_init(context,
ctx->auth_context->keyblock,
kret = krb5_crypto_init(context,
ctx->auth_context->keyblock,
0, &crypto);
if(kret) {
krb5_free_authenticator(context, &authenticator);
@@ -497,9 +497,9 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
return ret;
}
/*
/*
* Windows accepts Samba3's use of a kerberos, rather than
* GSSAPI checksum here
* GSSAPI checksum here
*/
kret = krb5_verify_checksum(context,
@@ -514,26 +514,26 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
return ret;
}
/*
/*
* Samba style get some flags (but not DCE-STYLE)
*/
ctx->flags =
ctx->flags =
GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
}
}
if(ctx->flags & GSS_C_MUTUAL_FLAG) {
krb5_data outbuf;
int use_subkey = 0;
_gsskrb5i_is_cfx(ctx, &is_cfx);
if (is_cfx || (ap_options & AP_OPTS_USE_SUBKEY)) {
use_subkey = 1;
} else {
krb5_keyblock *rkey;
/*
/*
* If there is a initiator subkey, copy that to acceptor
* subkey to match Windows behavior
*/
@@ -541,7 +541,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
ctx->auth_context,
&rkey);
if (kret == 0) {
kret = krb5_auth_con_setlocalsubkey(context,
kret = krb5_auth_con_setlocalsubkey(context,
ctx->auth_context,
rkey);
if (kret == 0)
@@ -555,7 +555,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
KRB5_AUTH_CONTEXT_USE_SUBKEY,
NULL);
}
kret = krb5_mk_rep(context,
ctx->auth_context,
&outbuf);
@@ -563,7 +563,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
*minor_status = kret;
return GSS_S_FAILURE;
}
if (IS_DCE_STYLE(ctx)) {
output_token->length = outbuf.length;
output_token->value = outbuf.data;
@@ -578,17 +578,17 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
return ret;
}
}
ctx->flags |= GSS_C_TRANS_FLAG;
/* Remember the flags */
ctx->lifetime = ctx->ticket->ticket.endtime;
ctx->more_flags |= OPEN;
if (mech_type)
*mech_type = GSS_KRB5_MECHANISM;
if (time_rec) {
ret = _gsskrb5_lifetime_left(minor_status,
context,
@@ -615,7 +615,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
return GSS_S_CONTINUE_NEEDED;
}
ret = gsskrb5_acceptor_ready(minor_status, ctx, context,
ret = gsskrb5_acceptor_ready(minor_status, ctx, context,
delegated_cred_handle);
if (ret_flags)
@@ -643,14 +643,14 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
krb5_data inbuf;
int32_t r_seq_number, l_seq_number;
/*
/*
* We know it's GSS_C_DCE_STYLE so we don't need to decapsulate the AP_REP
*/
inbuf.length = input_token_buffer->length;
inbuf.data = input_token_buffer->value;
/*
/*
* We need to remeber the old remote seq_number, then check if the
* client has replied with our local seq_number, and then reset
* the remote seq_number to the old value
@@ -681,11 +681,11 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
}
}
/*
/*
* We need to verify the AP_REP, but we need to flag that this is
* DCE_STYLE, so don't check the timestamps this time, but put the
* flag DO_TIME back afterward.
*/
*/
{
krb5_ap_rep_enc_part *repl;
int32_t auth_flags;
@@ -783,7 +783,7 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
}
}
return gsskrb5_acceptor_ready(minor_status, ctx, context,
return gsskrb5_acceptor_ready(minor_status, ctx, context,
delegated_cred_handle);
}
@@ -824,17 +824,17 @@ _gsskrb5_accept_sec_context(OM_uint32 * minor_status,
if (ret)
return ret;
}
ctx = (gsskrb5_ctx)*context_handle;
/*
* TODO: check the channel_bindings
* TODO: check the channel_bindings
* (above just sets them to krb5 layer)
*/
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
switch (ctx->state) {
case ACCEPTOR_START:
ret = gsskrb5_acceptor_start(minor_status,
@@ -865,7 +865,7 @@ _gsskrb5_accept_sec_context(OM_uint32 * minor_status,
delegated_cred_handle);
break;
case ACCEPTOR_READY:
/*
/*
* If we get there, the caller have called
* gss_accept_sec_context() one time too many.
*/
@@ -876,9 +876,9 @@ _gsskrb5_accept_sec_context(OM_uint32 * minor_status,
ret = GSS_S_BAD_STATUS;
break;
}
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
if (GSS_ERROR(ret)) {
OM_uint32 min2;
_gsskrb5_delete_sec_context(&min2, context_handle, GSS_C_NO_BUFFER);