diff --git a/lib/krb5/principal.c b/lib/krb5/principal.c index e84c0f7e3..37891fef0 100644 --- a/lib/krb5/principal.c +++ b/lib/krb5/principal.c @@ -1272,8 +1272,7 @@ krb5_sname_to_principal(krb5_context context, /* * Helper function to parse name canonicalization rule tokens. */ -static -krb5_error_code +static krb5_error_code rule_parse_token(krb5_context context, krb5_name_canon_rule rule, const char *tok) { @@ -1334,8 +1333,7 @@ rule_parse_token(krb5_context context, krb5_name_canon_rule rule, * This helper function expands the DNS search list rule into qualify * rules, one for each domain in the resolver search list. */ -static -krb5_error_code +static krb5_error_code expand_search_list(krb5_context context, krb5_name_canon_rule *r, size_t *n, size_t insert_point) { @@ -1347,7 +1345,7 @@ expand_search_list(krb5_context context, krb5_name_canon_rule *r, size_t *n, krb5_name_canon_rule new_r; char **dnsrch; char **domains = NULL; - size_t srch_list_len; + size_t search_list_len; size_t i; int ret; @@ -1369,23 +1367,23 @@ expand_search_list(krb5_context context, krb5_name_canon_rule *r, size_t *n, if (ret) return ENOENT; /* XXX Create a better error */ dnsrch = statbuf.dnsrch; - srch_list_len = sizeof (statbuf.dnsrch) / sizeof (*statbuf.dnsrch); + search_list_len = sizeof (statbuf.dnsrch) / sizeof (*statbuf.dnsrch); #else ret = res_init(); if (ret) return ENOENT; /* XXX Create a better error */ dnsrch = _res.dnsrch; - srch_list_len = sizeof (_res.dnsrch) / sizeof (*_res.dnsrch); + search_list_len = sizeof (_res.dnsrch) / sizeof (*_res.dnsrch); #endif /* USE_RES_NINIT */ - for (i = 0; i < srch_list_len; i++) { + for (i = 0; i < search_list_len; i++) { if (!dnsrch || dnsrch[i] == NULL) { - srch_list_len = i; + search_list_len = i; break; } } - if (srch_list_len == 0) { + if (search_list_len == 0) { /* Invalidate this entry and return */ (*r)[insert_point].type = KRB5_NCRT_BOGUS; return 0; @@ -1395,10 +1393,10 @@ expand_search_list(krb5_context context, krb5_name_canon_rule *r, size_t *n, * Pre-strdup() the search list so the realloc() below is the last * point at which we can fail with ENOMEM. */ - domains = calloc(srch_list_len, sizeof (*domains)); + domains = calloc(search_list_len, sizeof (*domains)); if (domains == NULL) return krb5_enomem(context); - for (i = 0; i < srch_list_len; i++) { + for (i = 0; i < search_list_len; i++) { if ((domains[i] = strdup(dnsrch[i])) == NULL) { while (i > 0) free(domains[--i]); @@ -1406,28 +1404,28 @@ expand_search_list(krb5_context context, krb5_name_canon_rule *r, size_t *n, } } - if (srch_list_len > 1) { + if (search_list_len > 1) { /* The -1 here is because we re-use this rule as one of the new rules */ - new_r = realloc(*r, sizeof (**r) * ((*n) + srch_list_len - 1)); + new_r = realloc(*r, sizeof (**r) * ((*n) + search_list_len - 1)); if (new_r == NULL) { - for (i = 0; i < srch_list_len; i++) + for (i = 0; i < search_list_len; i++) free(domains[i]); free(domains); return krb5_enomem(context); } } else { - new_r = *r; /* srch_list_len == 1 */ + new_r = *r; /* search_list_len == 1 */ } /* Make room for the new rules */ if (insert_point < (*n) - 1) { _krb5_debug(context, 5, "Inserting %ld qualify rules in place of a " - "resolver searchlist rule", (unsigned long)srch_list_len); + "resolver searchlist rule", (unsigned long)search_list_len); /* * Move the rules that follow the search list rule down by - * srch_list_len - 1 rules. + * search_list_len - 1 rules. */ - memmove(&new_r[insert_point + srch_list_len], + memmove(&new_r[insert_point + search_list_len], &new_r[insert_point + 1], sizeof (new_r[0]) * ((*n) - (insert_point + 1))); } @@ -1436,10 +1434,10 @@ expand_search_list(krb5_context context, krb5_name_canon_rule *r, size_t *n, * Clear in case the search-list rule is at the end of the rules; * realloc() won't have done this for us. */ - memset(&new_r[insert_point], 0, sizeof (new_r[0]) * srch_list_len); + memset(&new_r[insert_point], 0, sizeof (new_r[0]) * search_list_len); /* Setup the new rules */ - for (i = 0; i < srch_list_len; i++) { + for (i = 0; i < search_list_len; i++) { _krb5_debug(context, 5, "Inserting qualify rule with domain=%s", dnsrch[i]); new_r[insert_point + i].type = KRB5_NCRT_QUALIFY; @@ -1449,7 +1447,7 @@ expand_search_list(krb5_context context, krb5_name_canon_rule *r, size_t *n, free(domains); *r = new_r; - *n += srch_list_len - 1; /* -1 because we're replacing one rule */ + *n += search_list_len - 1; /* -1 because we're replacing one rule */ #ifdef USE_RES_NINIT res_ndestroy(&statbuf); @@ -1468,8 +1466,7 @@ expand_search_list(krb5_context context, krb5_name_canon_rule *r, size_t *n, /* * Helper function to parse name canonicalization rules. */ -static -krb5_error_code +static krb5_error_code parse_name_canon_rules(krb5_context context, char **rulestrs, krb5_name_canon_rule *rules) { @@ -1619,8 +1616,7 @@ _krb5_get_name_canon_rules(krb5_context context, krb5_name_canon_rule *rules) return 0; } -static -krb5_error_code +static krb5_error_code get_host_realm(krb5_context context, const char *hostname, char **realm) { krb5_error_code ret; @@ -1667,14 +1663,18 @@ _krb5_apply_name_canon_rule(krb5_context context, krb5_name_canon_rule rule, *out_princ = NULL; if (rule_opts) *rule_opts = 0; + if (rule->type == KRB5_NCRT_BOGUS) return 0; /* rule doesn't apply */ + sname = krb5_principal_get_comp_string(context, in_princ, 0); hostname = krb5_principal_get_comp_string(context, in_princ, 1); + _krb5_debug(context, 5, "Applying a name rule (type %d) to %s", rule->type, hostname); if (rule_opts) *rule_opts = rule->options; + ret = 0; switch (rule->type) { case KRB5_NCRT_AS_IS: @@ -1706,6 +1706,7 @@ _krb5_apply_name_canon_rule(krb5_context context, krb5_name_canon_rule rule, (char *)0); goto out; break; + case KRB5_NCRT_QUALIFY: /* * Note that we should never get these rules even if specified @@ -1749,6 +1750,7 @@ _krb5_apply_name_canon_rule(krb5_context context, krb5_name_canon_rule rule, free(new_hostname); goto out; break; + case KRB5_NCRT_NSS: _krb5_debug(context, 5, "Using name service lookups (without " "reverse lookups)"); @@ -1768,6 +1770,7 @@ _krb5_apply_name_canon_rule(krb5_context context, krb5_name_canon_rule rule, ret = 0; goto out; break; + default: /* Can't happen, but we need this to shut up gcc */ break;