oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

use oid variable

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25234 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2009-05-28 01:17:42 +00:00
parent a63aa6e262
commit d477cd2e23
1 changed files with 16 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
lib/krb5/pkinit.c
View File

@@ -186,8 +186,8 @@ find_cert(krb5_context context, struct krb5_pk_identity *id,
}; };
int i, ret; int i, ret;
cf[0].oid = oid_id_pkekuoid(); cf[0].oid = &asn1_oid_id_pkekuoid;
cf[1].oid = oid_id_pkinit_ms_eku(); cf[1].oid = &asn1_oid_id_pkinit_ms_eku;
cf[2].oid = NULL; cf[2].oid = NULL;
for (i = 0; i < sizeof(cf)/sizeof(cf[0]); i++) { for (i = 0; i < sizeof(cf)/sizeof(cf[0]); i++) {
@@ -468,7 +468,7 @@ build_auth_pack(krb5_context context,
DomainParameters dp; DomainParameters dp;
heim_integer dh_pub_key; heim_integer dh_pub_key;
ret = der_copy_oid(oid_id_dhpublicnumber(), ret = der_copy_oid(&asn1_oid_id_dhpublicnumber,
&a->clientPublicValue->algorithm.algorithm); &a->clientPublicValue->algorithm.algorithm);
if (ret) if (ret)
return ret; return ret;
@@ -684,7 +684,7 @@ pk_mk_padata(krb5_context context,
if (buf.length != size) if (buf.length != size)
krb5_abortx(context, "internal ASN1 encoder error"); krb5_abortx(context, "internal ASN1 encoder error");
oid = oid_id_pkcs7_data(); oid = &asn1_oid_id_pkcs7_data;
} else if (ctx->type == PKINIT_27) { } else if (ctx->type == PKINIT_27) {
AuthPack ap; AuthPack ap;
@@ -707,7 +707,7 @@ pk_mk_padata(krb5_context context,
if (buf.length != size) if (buf.length != size)
krb5_abortx(context, "internal ASN1 encoder error"); krb5_abortx(context, "internal ASN1 encoder error");
oid = oid_id_pkauthdata(); oid = &asn1_oid_id_pkauthdata;
} else } else
krb5_abortx(context, "internal pkinit error"); krb5_abortx(context, "internal pkinit error");
@@ -717,7 +717,7 @@ pk_mk_padata(krb5_context context,
if (ret) if (ret)
goto out; goto out;
ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_signedData(), &sd_buf, &buf); ret = hx509_cms_wrap_ContentInfo(&asn1_oid_id_pkcs7_signedData, &sd_buf, &buf);
krb5_data_free(&sd_buf); krb5_data_free(&sd_buf);
if (ret) { if (ret) {
krb5_set_error_message(context, ret, krb5_set_error_message(context, ret,
@@ -1041,7 +1041,7 @@ pk_verify_host(krb5_context context,
if (ctx->require_eku) { if (ctx->require_eku) {
ret = hx509_cert_check_eku(ctx->id->hx509ctx, host->cert, ret = hx509_cert_check_eku(ctx->id->hx509ctx, host->cert,
oid_id_pkkdcekuoid(), 0); &asn1_oid_id_pkkdcekuoid, 0);
if (ret) { if (ret) {
krb5_set_error_message(context, ret, krb5_set_error_message(context, ret,
N_("No PK-INIT KDC EKU in kdc certificate", "")); N_("No PK-INIT KDC EKU in kdc certificate", ""));
@@ -1054,7 +1054,7 @@ pk_verify_host(krb5_context context,
ret = hx509_cert_find_subjectAltName_otherName(ctx->id->hx509ctx, ret = hx509_cert_find_subjectAltName_otherName(ctx->id->hx509ctx,
host->cert, host->cert,
oid_id_pkinit_san(), &asn1_oid_id_pkinit_san,
&list); &list);
if (ret) { if (ret) {
krb5_set_error_message(context, ret, krb5_set_error_message(context, ret,
@@ -1136,7 +1136,7 @@ pk_rd_pa_reply_enckey(krb5_context context,
heim_oid contentType = { 0, NULL }; heim_oid contentType = { 0, NULL };
int flags = HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT; int flags = HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT;
if (der_heim_oid_cmp(oid_id_pkcs7_envelopedData(), dataType)) { if (der_heim_oid_cmp(&asn1_oid_id_pkcs7_envelopedData, dataType)) {
krb5_set_error_message(context, EINVAL, krb5_set_error_message(context, EINVAL,
N_("PKINIT: Invalid content type", "")); N_("PKINIT: Invalid content type", ""));
return EINVAL; return EINVAL;
@@ -1187,7 +1187,7 @@ pk_rd_pa_reply_enckey(krb5_context context,
ret = hx509_cms_unwrap_ContentInfo(&content, &type, &out, NULL); ret = hx509_cms_unwrap_ContentInfo(&content, &type, &out, NULL);
if (ret) if (ret)
goto out; goto out;
if (der_heim_oid_cmp(&type, oid_id_pkcs7_signedData())) { if (der_heim_oid_cmp(&type, &asn1_oid_id_pkcs7_signedData)) {
ret = EINVAL; /* XXX */ ret = EINVAL; /* XXX */
krb5_set_error_message(context, ret, krb5_set_error_message(context, ret,
N_("PKINIT: Invalid content type", "")); N_("PKINIT: Invalid content type", ""));
@@ -1224,13 +1224,13 @@ pk_rd_pa_reply_enckey(krb5_context context,
#if 0 #if 0
if (type == PKINIT_WIN2K) { if (type == PKINIT_WIN2K) {
if (der_heim_oid_cmp(&contentType, oid_id_pkcs7_data()) != 0) { if (der_heim_oid_cmp(&contentType, &asn1_oid_id_pkcs7_data) != 0) {
ret = KRB5KRB_AP_ERR_MSG_TYPE; ret = KRB5KRB_AP_ERR_MSG_TYPE;
krb5_set_error_message(context, ret, "PKINIT: reply key, wrong oid"); krb5_set_error_message(context, ret, "PKINIT: reply key, wrong oid");
goto out; goto out;
} }
} else { } else {
if (der_heim_oid_cmp(&contentType, oid_id_pkrkeydata()) != 0) { if (der_heim_oid_cmp(&contentType, &asn1_oid_id_pkrkeydata) != 0) {
ret = KRB5KRB_AP_ERR_MSG_TYPE; ret = KRB5KRB_AP_ERR_MSG_TYPE;
krb5_set_error_message(context, ret, "PKINIT: reply key, wrong oid"); krb5_set_error_message(context, ret, "PKINIT: reply key, wrong oid");
goto out; goto out;
@@ -1290,7 +1290,7 @@ pk_rd_pa_reply_dh(krb5_context context,
krb5_data_zero(&content); krb5_data_zero(&content);
memset(&kdc_dh_info, 0, sizeof(kdc_dh_info)); memset(&kdc_dh_info, 0, sizeof(kdc_dh_info));
if (der_heim_oid_cmp(oid_id_pkcs7_signedData(), dataType)) { if (der_heim_oid_cmp(&asn1_oid_id_pkcs7_signedData, dataType)) {
krb5_set_error_message(context, EINVAL, krb5_set_error_message(context, EINVAL,
N_("PKINIT: Invalid content type", "")); N_("PKINIT: Invalid content type", ""));
return EINVAL; return EINVAL;
@@ -1311,7 +1311,7 @@ pk_rd_pa_reply_dh(krb5_context context,
if (ret) if (ret)
goto out; goto out;
if (der_heim_oid_cmp(&contentType, oid_id_pkdhkeydata())) { if (der_heim_oid_cmp(&contentType, &asn1_oid_id_pkdhkeydata)) {
ret = KRB5KRB_AP_ERR_MSG_TYPE; ret = KRB5KRB_AP_ERR_MSG_TYPE;
krb5_set_error_message(context, ret, krb5_set_error_message(context, ret,
N_("pkinit - dh reply contains wrong oid", "")); N_("pkinit - dh reply contains wrong oid", ""));
@@ -2370,7 +2370,7 @@ get_ms_san(hx509_context context, hx509_cert cert, char **upn)
ret = hx509_cert_find_subjectAltName_otherName(context, ret = hx509_cert_find_subjectAltName_otherName(context,
cert, cert,
oid_id_pkinit_ms_san(), &asn1_oid_id_pkinit_ms_san,
&list); &list);
if (ret) if (ret)
return 0; return 0;
@@ -2443,7 +2443,7 @@ _krb5_pk_enterprise_cert(krb5_context context,
hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE); hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
hx509_query_match_eku(q, oid_id_pkinit_ms_eku()); hx509_query_match_eku(q, &asn1_oid_id_pkinit_ms_eku);
hx509_query_match_cmp_func(q, find_ms_san, NULL); hx509_query_match_cmp_func(q, find_ms_san, NULL);
ret = hx509_certs_filter(hx509ctx, certs, q, &result); ret = hx509_certs_filter(hx509ctx, certs, q, &result);