<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[14620] PyKerberos/trunk/src</title>
</head>
<body>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.calendarserver.org//changeset/14620">14620</a></dd>
<dt>Author</dt> <dd>wsanchez@apple.com</dd>
<dt>Date</dt> <dd>2015-03-26 14:54:26 -0700 (Thu, 26 Mar 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>cleanup</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#PyKerberostrunksrckerberosbasich">PyKerberos/trunk/src/kerberosbasic.h</a></li>
<li><a href="#PyKerberostrunksrckerberosgssc">PyKerberos/trunk/src/kerberosgss.c</a></li>
<li><a href="#PyKerberostrunksrckerberosgssh">PyKerberos/trunk/src/kerberosgss.h</a></li>
<li><a href="#PyKerberostrunksrckerberospwc">PyKerberos/trunk/src/kerberospw.c</a></li>
<li><a href="#PyKerberostrunksrckerberospwh">PyKerberos/trunk/src/kerberospw.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="PyKerberostrunksrckerberosbasich"></a>
<div class="modfile"><h4>Modified: PyKerberos/trunk/src/kerberosbasic.h (14619 => 14620)</h4>
<pre class="diff"><span>
<span class="info">--- PyKerberos/trunk/src/kerberosbasic.h        2015-03-26 21:33:56 UTC (rev 14619)
+++ PyKerberos/trunk/src/kerberosbasic.h        2015-03-26 21:54:26 UTC (rev 14620)
</span><span class="lines">@@ -20,4 +20,7 @@
</span><span class="cx">
</span><span class="cx"> #define krb5_get_err_text(context,code) error_message(code)
</span><span class="cx">
</span><del>-int authenticate_user_krb5pwd(const char *user, const char *pswd, const char *service, const char *default_realm);
</del><ins>+int authenticate_user_krb5pwd(
+ const char *user, const char *pswd, const char *service,
+ const char *default_realm
+);
</ins></span></pre></div>
<a id="PyKerberostrunksrckerberosgssc"></a>
<div class="modfile"><h4>Modified: PyKerberos/trunk/src/kerberosgss.c (14619 => 14620)</h4>
<pre class="diff"><span>
<span class="info">--- PyKerberos/trunk/src/kerberosgss.c        2015-03-26 21:33:56 UTC (rev 14619)
+++ PyKerberos/trunk/src/kerberosgss.c        2015-03-26 21:54:26 UTC (rev 14620)
</span><span class="lines">@@ -26,7 +26,10 @@
</span><span class="cx">
</span><span class="cx"> static void set_gss_error(OM_uint32 err_maj, OM_uint32 err_min);
</span><span class="cx">
</span><del>-int create_krb5_ccache(gss_server_state *state, krb5_context kcontext, krb5_principal princ, krb5_ccache *ccache);
</del><ins>+int create_krb5_ccache(
+ gss_server_state *state, krb5_context kcontext, krb5_principal princ,
+ krb5_ccache *ccache
+);
</ins><span class="cx">
</span><span class="cx"> extern PyObject *GssException_class;
</span><span class="cx"> extern PyObject *KrbException_class;
</span><span class="lines">@@ -49,38 +52,46 @@
</span><span class="cx"> match_len = strlen(match);
</span><span class="cx">
</span><span class="cx"> code = krb5_init_context(&kcontext);
</span><del>- if (code)
- {
- PyErr_SetObject(KrbException_class, Py_BuildValue("((s:i))",
- "Cannot initialize Kerberos5 context", code));
</del><ins>+ if (code) {
+ PyErr_SetObject(
+ KrbException_class,
+ Py_BuildValue(
+ "((s:i))", "Cannot initialize Kerberos5 context", code
+ )
+ );
</ins><span class="cx"> return NULL;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if ((code = krb5_kt_default(kcontext, &kt)))
- {
- PyErr_SetObject(KrbException_class, Py_BuildValue("((s:i))",
- "Cannot get default keytab", code));
</del><ins>+ if ((code = krb5_kt_default(kcontext, &kt))) {
+ PyErr_SetObject(
+ KrbException_class,
+ Py_BuildValue("((s:i))", "Cannot get default keytab", code)
+ );
</ins><span class="cx"> goto end;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if ((code = krb5_kt_start_seq_get(kcontext, kt, &cursor)))
- {
- PyErr_SetObject(KrbException_class, Py_BuildValue("((s:i))",
- "Cannot get sequence cursor from keytab", code));
</del><ins>+ if ((code = krb5_kt_start_seq_get(kcontext, kt, &cursor))) {
+ PyErr_SetObject(
+ KrbException_class,
+ Py_BuildValue(
+ "((s:i))", "Cannot get sequence cursor from keytab", code
+ )
+ );
</ins><span class="cx"> goto end;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- while ((code = krb5_kt_next_entry(kcontext, kt, &entry, &cursor)) == 0)
- {
- if ((code = krb5_unparse_name(kcontext, entry.principal, &pname)))
- {
- PyErr_SetObject(KrbException_class, Py_BuildValue("((s:i))",
- "Cannot parse principal name from keytab", code));
</del><ins>+ while ((code = krb5_kt_next_entry(kcontext, kt, &entry, &cursor)) == 0) {
+ if ((code = krb5_unparse_name(kcontext, entry.principal, &pname))) {
+ PyErr_SetObject(
+ KrbException_class,
+ Py_BuildValue(
+ "((s:i))", "Cannot parse principal name from keytab", code
+ )
+ );
</ins><span class="cx"> goto end;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (strncmp(pname, match, match_len) == 0)
- {
</del><ins>+ if (strncmp(pname, match, match_len) == 0) {
</ins><span class="cx"> result = malloc(strlen(pname) + 1);
</span><span class="cx"> strcpy(result, pname);
</span><span class="cx"> krb5_free_unparsed_name(kcontext, pname);
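Review bot: `result = malloc(strlen(pname) + 1);` is followed directly by `strcpy(result, pname);` with no NULL check, so an allocation failure becomes a write through a NULL pointer instead of a Python exception. A guard such as `if (result == NULL) { PyErr_NoMemory(); krb5_free_unparsed_name(kcontext, pname); goto end; }` would turn it into a clean error; whether `entry` also needs freeing on that path cannot be seen, because the loop body continues outside the hunk. The same unchecked pattern appears in the `@@ -284,9 +301,7 @@` hunk, where `state->username = (char *)malloc(name_token.length + 1);` is written to by `strncpy` immediately afterwards. The enclosing function starts and ends outside this hunk.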
</span><span class="lines">@@ -92,23 +103,29 @@
</span><span class="cx"> krb5_free_keytab_entry_contents(kcontext, &entry);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (result == NULL)
- {
- PyErr_SetObject(KrbException_class, Py_BuildValue("((s:i))",
- "Principal not found in keytab", -1));
</del><ins>+ if (result == NULL) {
+ PyErr_SetObject(
+ KrbException_class,
+ Py_BuildValue("((s:i))", "Principal not found in keytab", -1)
+ );
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> end:
</span><del>- if (cursor)
</del><ins>+ if (cursor) {
</ins><span class="cx"> krb5_kt_end_seq_get(kcontext, kt, &cursor);
</span><del>- if (kt)
</del><ins>+ }
+ if (kt) {
</ins><span class="cx"> krb5_kt_close(kcontext, kt);
</span><ins>+ }
</ins><span class="cx"> krb5_free_context(kcontext);
</span><span class="cx">
</span><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-int authenticate_gss_client_init(const char* service, const char* principal, long int gss_flags, gss_server_state* delegatestate, gss_client_state* state)
</del><ins>+int authenticate_gss_client_init(
+ const char* service, const char* principal, long int gss_flags,
+ gss_server_state* delegatestate, gss_client_state* state
+)
</ins><span class="cx"> {
</span><span class="cx"> OM_uint32 maj_stat;
</span><span class="cx"> OM_uint32 min_stat;
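Review bot: Every `PyErr_SetObject(KrbException_class, Py_BuildValue(...))` call in this hunk and in the preceding `@@ -49,38 +52,46 @@` hunk leaks the tuple, because `Py_BuildValue` returns a new reference and `PyErr_SetObject` does not steal it. Since these lines are being rewrapped anyway, the value could be held in a local and released: `PyObject *v = Py_BuildValue("((s:i))", "Principal not found in keytab", -1); PyErr_SetObject(KrbException_class, v); Py_XDECREF(v);`. A small static helper that takes the message and code would remove the repetition across the five call sites. The function body starts outside this hunk.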
</span><span class="lines">@@ -127,54 +144,52 @@
</span><span class="cx"> name_token.length = strlen(service);
</span><span class="cx"> name_token.value = (char *)service;
</span><span class="cx">
</span><del>- maj_stat = gss_import_name(&min_stat, &name_token, gss_krb5_nt_service_name, &state->server_name);
</del><ins>+ maj_stat = gss_import_name(
+ &min_stat, &name_token, gss_krb5_nt_service_name, &state->server_name
+ );
</ins><span class="cx">
</span><del>- if (GSS_ERROR(maj_stat))
- {
</del><ins>+ if (GSS_ERROR(maj_stat)) {
</ins><span class="cx"> set_gss_error(maj_stat, min_stat);
</span><span class="cx"> ret = AUTH_GSS_ERROR;
</span><span class="cx"> goto end;
</span><span class="cx"> }
</span><span class="cx"> // Use the delegate credentials if they exist
</span><del>- if (delegatestate && delegatestate->client_creds != GSS_C_NO_CREDENTIAL)
- {
</del><ins>+ if (delegatestate && delegatestate->client_creds != GSS_C_NO_CREDENTIAL) {
</ins><span class="cx"> state->client_creds = delegatestate->client_creds;
</span><span class="cx"> }
</span><del>-
</del><span class="cx"> // If available use the principal to extract its associated credentials
</span><del>- else if (principal && *principal)
- {
</del><ins>+ else if (principal && *principal) {
</ins><span class="cx"> gss_name_t name;
</span><span class="cx"> principal_token.length = strlen(principal);
</span><span class="cx"> principal_token.value = (char *)principal;
</span><span class="cx">
</span><del>- maj_stat = gss_import_name(&min_stat, &principal_token, GSS_C_NT_USER_NAME, &name);
- if (GSS_ERROR(maj_stat))
- {
</del><ins>+ maj_stat = gss_import_name(
+ &min_stat, &principal_token, GSS_C_NT_USER_NAME, &name
+ );
+ if (GSS_ERROR(maj_stat)) {
</ins><span class="cx"> set_gss_error(maj_stat, min_stat);
</span><span class="cx"> ret = AUTH_GSS_ERROR;
</span><del>-         goto end;
</del><ins>+          goto end;
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- maj_stat = gss_acquire_cred(&min_stat, name, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, GSS_C_INITIATE,
- &state->client_creds, NULL, NULL);
- if (GSS_ERROR(maj_stat))
- {
</del><ins>+ maj_stat = gss_acquire_cred(
+ &min_stat, name, GSS_C_INDEFINITE, GSS_C_NO_OID_SET,
+ GSS_C_INITIATE, &state->client_creds, NULL, NULL
+ );
+ if (GSS_ERROR(maj_stat)) {
</ins><span class="cx"> set_gss_error(maj_stat, min_stat);
</span><span class="cx"> ret = AUTH_GSS_ERROR;
</span><del>-         goto end;
</del><ins>+ goto end;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> maj_stat = gss_release_name(&min_stat, &name);
</span><del>- if (GSS_ERROR(maj_stat))
- {
-         set_gss_error(maj_stat, min_stat);
</del><ins>+ if (GSS_ERROR(maj_stat)) {
+ set_gss_error(maj_stat, min_stat);
</ins><span class="cx"> ret = AUTH_GSS_ERROR;
</span><span class="cx"> goto end;
</span><span class="cx"> }
</span><ins>+ }
</ins><span class="cx">
</span><del>- }
-
</del><span class="cx"> end:
</span><span class="cx"> return ret;
</span><span class="cx"> }
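Review bot: In the `else if (principal && *principal)` branch, the failure path after `gss_acquire_cred` jumps to `end` without releasing `name`, which was successfully imported a few lines earlier; `end:` only returns `ret`, so the `gss_name_t` is leaked on every failed credential acquisition. Adding `gss_release_name(&min_stat, &name);` after `set_gss_error(maj_stat, min_stat);` in that block closes the leak. The first `goto end;` in this branch is also indented one column deeper than its neighbours as rendered here. The function signature and the start of the body are in the previous hunk.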
</span><span class="lines">@@ -185,19 +200,25 @@
</span><span class="cx"> OM_uint32 min_stat;
</span><span class="cx"> int ret = AUTH_GSS_COMPLETE;
</span><span class="cx">
</span><del>- if (state->context != GSS_C_NO_CONTEXT)
- maj_stat = gss_delete_sec_context(&min_stat, &state->context, GSS_C_NO_BUFFER);
- if (state->server_name != GSS_C_NO_NAME)
</del><ins>+ if (state->context != GSS_C_NO_CONTEXT) {
+ maj_stat = gss_delete_sec_context(
+ &min_stat, &state->context, GSS_C_NO_BUFFER
+ );
+ }
+ if (state->server_name != GSS_C_NO_NAME) {
</ins><span class="cx"> maj_stat = gss_release_name(&min_stat, &state->server_name);
</span><del>- if (state->client_creds != GSS_C_NO_CREDENTIAL && !(state->gss_flags & GSS_C_DELEG_FLAG))
</del><ins>+ }
+ if (
+ state->client_creds != GSS_C_NO_CREDENTIAL &&
+ ! (state->gss_flags & GSS_C_DELEG_FLAG)
+ ) {
</ins><span class="cx"> maj_stat = gss_release_cred(&min_stat, &state->client_creds);
</span><del>- if (state->username != NULL)
- {
</del><ins>+ }
+ if (state->username != NULL) {
</ins><span class="cx"> free(state->username);
</span><span class="cx"> state->username = NULL;
</span><span class="cx"> }
</span><del>- if (state->response != NULL)
- {
</del><ins>+ if (state->response != NULL) {
</ins><span class="cx"> free(state->response);
</span><span class="cx"> state->response = NULL;
</span><span class="cx"> }
</span><span class="lines">@@ -205,8 +226,9 @@
</span><span class="cx"> return ret;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-int authenticate_gss_client_step(gss_client_state* state, const char* challenge)
-{
</del><ins>+int authenticate_gss_client_step(
+ gss_client_state* state, const char* challenge
+) {
</ins><span class="cx"> OM_uint32 maj_stat;
</span><span class="cx"> OM_uint32 min_stat;
</span><span class="cx"> gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
</span><span class="lines">@@ -214,15 +236,13 @@
</span><span class="cx"> int ret = AUTH_GSS_CONTINUE;
</span><span class="cx">
</span><span class="cx"> // Always clear out the old response
</span><del>- if (state->response != NULL)
- {
</del><ins>+ if (state->response != NULL) {
</ins><span class="cx"> free(state->response);
</span><span class="cx"> state->response = NULL;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // If there is a challenge (data from the server) we need to give it to GSS
</span><del>- if (challenge && *challenge)
- {
</del><ins>+ if (challenge && *challenge) {
</ins><span class="cx"> size_t len;
</span><span class="cx"> input_token.value = base64_decode(challenge, &len);
</span><span class="cx"> input_token.length = len;
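Review bot: The result of `base64_decode(challenge, &len)` is stored in `input_token.value` and `len` is copied to `input_token.length` with no check that decoding succeeded; `challenge` is data from the peer, so malformed input reaches this line. The implementation of `base64_decode` is not visible here, but if it can return NULL or leave `len` unset on bad input, the token passed to GSS has an undefined length. A guard such as `if (input_token.value == NULL) { ret = AUTH_GSS_ERROR; goto end; }`, with a Python exception set before the jump, would make the failure explicit. The same two lines appear unchanged in the `authenticate_gss_client_unwrap`, `authenticate_gss_client_wrap` and `authenticate_gss_server_step` hunks. The function body continues outside this hunk.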
</span><span class="lines">@@ -230,23 +250,24 @@
</span><span class="cx">
</span><span class="cx"> // Do GSSAPI step
</span><span class="cx"> Py_BEGIN_ALLOW_THREADS
</span><del>- maj_stat = gss_init_sec_context(&min_stat,
- state->client_creds,
- &state->context,
- state->server_name,
- GSS_C_NO_OID,
- (OM_uint32)state->gss_flags,
- 0,
- GSS_C_NO_CHANNEL_BINDINGS,
- &input_token,
- NULL,
- &output_token,
- NULL,
- NULL);
</del><ins>+ maj_stat = gss_init_sec_context(
+ &min_stat,
+ state->client_creds,
+ &state->context,
+ state->server_name,
+ GSS_C_NO_OID,
+ (OM_uint32)state->gss_flags,
+ 0,
+ GSS_C_NO_CHANNEL_BINDINGS,
+ &input_token,
+ NULL,
+ &output_token,
+ NULL,
+ NULL
+ );
</ins><span class="cx"> Py_END_ALLOW_THREADS
</span><span class="cx">
</span><del>- if ((maj_stat != GSS_S_COMPLETE) && (maj_stat != GSS_S_CONTINUE_NEEDED))
- {
</del><ins>+ if ((maj_stat != GSS_S_COMPLETE) && (maj_stat != GSS_S_CONTINUE_NEEDED)) {
</ins><span class="cx"> set_gss_error(maj_stat, min_stat);
</span><span class="cx"> ret = AUTH_GSS_ERROR;
</span><span class="cx"> goto end;
</span><span class="lines">@@ -254,19 +275,16 @@
</span><span class="cx">
</span><span class="cx"> ret = (maj_stat == GSS_S_COMPLETE) ? AUTH_GSS_COMPLETE : AUTH_GSS_CONTINUE;
</span><span class="cx"> // Grab the client response to send back to the server
</span><del>- if (output_token.length)
- {
</del><ins>+ if (output_token.length) {
</ins><span class="cx"> state->response = base64_encode((const unsigned char *)output_token.value, output_token.length);;
</span><span class="cx"> maj_stat = gss_release_buffer(&min_stat, &output_token);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // Try to get the user name if we have completed all GSS operations
</span><del>- if (ret == AUTH_GSS_COMPLETE)
- {
</del><ins>+ if (ret == AUTH_GSS_COMPLETE) {
</ins><span class="cx"> gss_name_t gssuser = GSS_C_NO_NAME;
</span><span class="cx"> maj_stat = gss_inquire_context(&min_stat, state->context, &gssuser, NULL, NULL, NULL, NULL, NULL, NULL);
</span><del>- if (GSS_ERROR(maj_stat))
- {
</del><ins>+ if (GSS_ERROR(maj_stat)) {
</ins><span class="cx"> set_gss_error(maj_stat, min_stat);
</span><span class="cx"> ret = AUTH_GSS_ERROR;
</span><span class="cx"> goto end;
</span><span class="lines">@@ -275,8 +293,7 @@
</span><span class="cx"> gss_buffer_desc name_token;
</span><span class="cx"> name_token.length = 0;
</span><span class="cx"> maj_stat = gss_display_name(&min_stat, gssuser, &name_token, NULL);
</span><del>- if (GSS_ERROR(maj_stat))
- {
</del><ins>+ if (GSS_ERROR(maj_stat)) {
</ins><span class="cx"> if (name_token.value)
</span><span class="cx"> gss_release_buffer(&min_stat, &name_token);
</span><span class="cx"> gss_release_name(&min_stat, &gssuser);
</span><span class="lines">@@ -284,9 +301,7 @@
</span><span class="cx"> set_gss_error(maj_stat, min_stat);
</span><span class="cx"> ret = AUTH_GSS_ERROR;
</span><span class="cx"> goto end;
</span><del>- }
- else
- {
</del><ins>+ } else {
</ins><span class="cx"> state->username = (char *)malloc(name_token.length + 1);
</span><span class="cx"> strncpy(state->username, (char*) name_token.value, name_token.length);
</span><span class="cx"> state->username[name_token.length] = 0;
</span><span class="lines">@@ -294,16 +309,20 @@
</span><span class="cx"> gss_release_name(&min_stat, &gssuser);
</span><span class="cx"> }
</span><span class="cx"> }
</span><ins>+
</ins><span class="cx"> end:
</span><del>- if (output_token.value)
</del><ins>+ if (output_token.value) {
</ins><span class="cx"> gss_release_buffer(&min_stat, &output_token);
</span><del>- if (input_token.value)
</del><ins>+ }
+ if (input_token.value) {
</ins><span class="cx"> free(input_token.value);
</span><ins>+ }
</ins><span class="cx"> return ret;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-int authenticate_gss_client_unwrap(gss_client_state *state, const char *challenge)
-{
</del><ins>+int authenticate_gss_client_unwrap(
+ gss_client_state *state, const char *challenge
+) {
</ins><span class="cx">         OM_uint32 maj_stat;
</span><span class="cx">         OM_uint32 min_stat;
</span><span class="cx">         gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
</span><span class="lines">@@ -312,55 +331,60 @@
</span><span class="cx">         int conf = 0;
</span><span class="cx">
</span><span class="cx">         // Always clear out the old response
</span><del>-        if (state->response != NULL)
-        {
</del><ins>+        if (state->response != NULL) {
</ins><span class="cx">                 free(state->response);
</span><span class="cx">                 state->response = NULL;
</span><span class="cx">                 state->responseConf = 0;
</span><span class="cx">         }
</span><span class="cx">
</span><span class="cx">         // If there is a challenge (data from the server) we need to give it to GSS
</span><del>-        if (challenge && *challenge)
-        {
</del><ins>+        if (challenge && *challenge) {
</ins><span class="cx">                 size_t len;
</span><span class="cx">                 input_token.value = base64_decode(challenge, &len);
</span><span class="cx">                 input_token.length = len;
</span><span class="cx">         }
</span><span class="cx">
</span><span class="cx">         // Do GSSAPI step
</span><del>-        maj_stat = gss_unwrap(&min_stat,
- state->context,
- &input_token,
- &output_token,
- &conf,
- NULL);
</del><ins>+        maj_stat = gss_unwrap(
+ &min_stat,
+ state->context,
+ &input_token,
+ &output_token,
+ &conf,
+ NULL
+ );
</ins><span class="cx">
</span><del>-        if (maj_stat != GSS_S_COMPLETE)
-        {
</del><ins>+        if (maj_stat != GSS_S_COMPLETE)        {
</ins><span class="cx">                 set_gss_error(maj_stat, min_stat);
</span><span class="cx">                 ret = AUTH_GSS_ERROR;
</span><span class="cx">                 goto end;
</span><del>-        }
-        else
</del><ins>+        } else {
</ins><span class="cx">                 ret = AUTH_GSS_COMPLETE;
</span><ins>+ }
</ins><span class="cx">
</span><span class="cx">         // Grab the client response
</span><del>-        if (output_token.length)
-        {
-                state->response = base64_encode((const unsigned char *)output_token.value, output_token.length);
</del><ins>+        if (output_token.length) {
+                state->response = base64_encode(
+ (const unsigned char *)output_token.value, output_token.length
+ );
</ins><span class="cx">                 state->responseConf = conf;
</span><span class="cx">                 maj_stat = gss_release_buffer(&min_stat, &output_token);
</span><span class="cx">         }
</span><ins>+
</ins><span class="cx"> end:
</span><del>-        if (output_token.value)
</del><ins>+        if (output_token.value) {
</ins><span class="cx">                 gss_release_buffer(&min_stat, &output_token);
</span><del>-        if (input_token.value)
</del><ins>+ }
+        if (input_token.value) {
</ins><span class="cx">                 free(input_token.value);
</span><ins>+ }
</ins><span class="cx">         return ret;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-int authenticate_gss_client_wrap(gss_client_state* state, const char* challenge, const char* user, int protect)
-{
</del><ins>+int authenticate_gss_client_wrap(
+ gss_client_state* state, const char* challenge, const char* user,
+ int protect
+) {
</ins><span class="cx">         OM_uint32 maj_stat;
</span><span class="cx">         OM_uint32 min_stat;
</span><span class="cx">         gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
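Review bot: The reformatted `if (maj_stat != GSS_S_COMPLETE)        {` keeps a run of whitespace between `)` and `{`, and several of the added closing braces sit at a different indent from the statement they close, at least as rendered here. A formatting-only commit is the right place to normalise these to `if (maj_stat != GSS_S_COMPLETE) {` and a single indent style for the function. The `else { ret = AUTH_GSS_COMPLETE; }` arm is also redundant, because the `if` arm always leaves via `goto end;`; a plain `ret = AUTH_GSS_COMPLETE;` after the block reads more clearly. The same three points apply to the `gss_wrap` check in the `@@ -408,31 +432,33 @@` hunk.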
</span><span class="lines">@@ -370,14 +394,12 @@
</span><span class="cx">         unsigned long buf_size;
</span><span class="cx">
</span><span class="cx">         // Always clear out the old response
</span><del>-        if (state->response != NULL)
-        {
</del><ins>+        if (state->response != NULL) {
</ins><span class="cx">                 free(state->response);
</span><span class="cx">                 state->response = NULL;
</span><span class="cx">         }
</span><span class="cx">
</span><del>-        if (challenge && *challenge)
-        {
</del><ins>+        if (challenge && *challenge) {
</ins><span class="cx">                 size_t len;
</span><span class="cx">                 input_token.value = base64_decode(challenge, &len);
</span><span class="cx">                 input_token.length = len;
</span><span class="lines">@@ -390,10 +412,12 @@
</span><span class="cx">                 buf_size = ntohl(*((long *) input_token.value));
</span><span class="cx">                 free(input_token.value);
</span><span class="cx"> #ifdef PRINTFS
</span><del>-                printf("User: %s, %c%c%c\n", user,
- server_conf_flags & GSS_AUTH_P_NONE ? 'N' : '-',
- server_conf_flags & GSS_AUTH_P_INTEGRITY ? 'I' : '-',
- server_conf_flags & GSS_AUTH_P_PRIVACY ? 'P' : '-');
</del><ins>+                printf(
+ "User: %s, %c%c%c\n", user,
+ server_conf_flags & GSS_AUTH_P_NONE ? 'N' : '-',
+ server_conf_flags & GSS_AUTH_P_INTEGRITY ? 'I' : '-',
+ server_conf_flags & GSS_AUTH_P_PRIVACY ? 'P' : '-'
+ );
</ins><span class="cx">                 printf("Maximum GSS token size is %ld\n", buf_size);
</span><span class="cx"> #endif
</span><span class="cx">
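Review bot: The context line `buf_size = ntohl(*((long *) input_token.value));` reads `sizeof(long)` bytes from the token buffer, but no visible check confirms that `input_token.length` is that large. `long` is 8 bytes on LP64 platforms, while `ntohl()` operates on a 32-bit value. Unless a length check sits just above the hunk, a short token from the peer makes this an out-of-bounds read, and the cast also assumes suitable alignment. Validating the length and then copying exactly four bytes avoids both problems: `uint32_t raw; memcpy(&raw, input_token.value, sizeof raw); buf_size = ntohl(raw);`. The surrounding function body lies outside this hunk.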
</span><span class="lines">@@ -408,31 +432,33 @@
</span><span class="cx">         }
</span><span class="cx">
</span><span class="cx">         // Do GSSAPI wrap
</span><del>-        maj_stat = gss_wrap(&min_stat,
-                                                state->context,
-                                                protect,
-                                                GSS_C_QOP_DEFAULT,
-                                                &input_token,
-                                                NULL,
-                                                &output_token);
</del><ins>+        maj_stat = gss_wrap(
+ &min_stat,
+ state->context,
+ protect,
+ GSS_C_QOP_DEFAULT,
+ &input_token,
+ NULL,
+ &output_token
+ );
</ins><span class="cx">
</span><del>-        if (maj_stat != GSS_S_COMPLETE)
-        {
</del><ins>+        if (maj_stat != GSS_S_COMPLETE)        {
</ins><span class="cx">                 set_gss_error(maj_stat, min_stat);
</span><span class="cx">                 ret = AUTH_GSS_ERROR;
</span><span class="cx">                 goto end;
</span><del>-        }
-        else
</del><ins>+        } else {
</ins><span class="cx">                 ret = AUTH_GSS_COMPLETE;
</span><ins>+ }
</ins><span class="cx">         // Grab the client response to send back to the server
</span><del>-        if (output_token.length)
-        {
</del><ins>+        if (output_token.length) {
</ins><span class="cx">                 state->response = base64_encode((const unsigned char *)output_token.value, output_token.length);;
</span><span class="cx">                 maj_stat = gss_release_buffer(&min_stat, &output_token);
</span><span class="cx">         }
</span><ins>+
</ins><span class="cx"> end:
</span><del>-        if (output_token.value)
</del><ins>+        if (output_token.value) {
</ins><span class="cx">                 gss_release_buffer(&min_stat, &output_token);
</span><ins>+ }
</ins><span class="cx">         return ret;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -455,27 +481,29 @@
</span><span class="cx">
</span><span class="cx"> // Server name may be empty which means we aren't going to create our own creds
</span><span class="cx"> size_t service_len = strlen(service);
</span><del>- if (service_len != 0)
- {
</del><ins>+ if (service_len != 0) {
</ins><span class="cx"> // Import server name first
</span><span class="cx"> name_token.length = strlen(service);
</span><span class="cx"> name_token.value = (char *)service;
</span><span class="cx">
</span><del>- maj_stat = gss_import_name(&min_stat, &name_token, GSS_C_NT_HOSTBASED_SERVICE, &state->server_name);
</del><ins>+ maj_stat = gss_import_name(
+ &min_stat, &name_token, GSS_C_NT_HOSTBASED_SERVICE,
+ &state->server_name
+ );
</ins><span class="cx">
</span><del>- if (GSS_ERROR(maj_stat))
- {
</del><ins>+ if (GSS_ERROR(maj_stat)) {
</ins><span class="cx"> set_gss_error(maj_stat, min_stat);
</span><span class="cx"> ret = AUTH_GSS_ERROR;
</span><span class="cx"> goto end;
</span><span class="cx"> }
</span><del>-
</del><ins>+
</ins><span class="cx"> // Get credentials
</span><del>- maj_stat = gss_acquire_cred(&min_stat, GSS_C_NO_NAME, GSS_C_INDEFINITE,
- GSS_C_NO_OID_SET, GSS_C_BOTH, &state->server_creds, NULL, NULL);
-
- if (GSS_ERROR(maj_stat))
- {
</del><ins>+ maj_stat = gss_acquire_cred(
+ &min_stat, GSS_C_NO_NAME, GSS_C_INDEFINITE, GSS_C_NO_OID_SET,
+ GSS_C_BOTH, &state->server_creds, NULL, NULL
+ );
+
+ if (GSS_ERROR(maj_stat)) {
</ins><span class="cx"> set_gss_error(maj_stat, min_stat);
</span><span class="cx"> ret = AUTH_GSS_ERROR;
</span><span class="cx"> goto end;
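Review bot: Nothing in this block explains why `gss_acquire_cred` is called with `GSS_C_NO_NAME` rather than the `state->server_name` imported just above it. With `GSS_C_NO_NAME` the acceptor uses default credentials, which typically means any principal in the keytab can accept the context rather than only the requested service. If that is intentional, a comment above the call would stop a later reader from "fixing" it or relying on a restriction that is not there, for example `// GSS_C_NO_NAME on purpose: accept with any keytab principal, not only server_name`. Separately, `name_token.length = strlen(service);` could reuse the `service_len` computed two lines earlier. The function starts before this hunk and continues after it.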
</span><span class="lines">@@ -492,34 +520,36 @@
</span><span class="cx"> OM_uint32 min_stat;
</span><span class="cx"> int ret = AUTH_GSS_COMPLETE;
</span><span class="cx">
</span><del>- if (state->context != GSS_C_NO_CONTEXT)
- maj_stat = gss_delete_sec_context(&min_stat, &state->context, GSS_C_NO_BUFFER);
- if (state->server_name != GSS_C_NO_NAME)
</del><ins>+ if (state->context != GSS_C_NO_CONTEXT) {
+ maj_stat = gss_delete_sec_context(
+ &min_stat, &state->context, GSS_C_NO_BUFFER
+ );
+ }
+ if (state->server_name != GSS_C_NO_NAME) {
</ins><span class="cx"> maj_stat = gss_release_name(&min_stat, &state->server_name);
</span><del>- if (state->client_name != GSS_C_NO_NAME)
</del><ins>+ }
+ if (state->client_name != GSS_C_NO_NAME) {
</ins><span class="cx"> maj_stat = gss_release_name(&min_stat, &state->client_name);
</span><del>- if (state->server_creds != GSS_C_NO_CREDENTIAL)
</del><ins>+ }
+ if (state->server_creds != GSS_C_NO_CREDENTIAL) {
</ins><span class="cx"> maj_stat = gss_release_cred(&min_stat, &state->server_creds);
</span><del>- if (state->client_creds != GSS_C_NO_CREDENTIAL)
</del><ins>+ }
+ if (state->client_creds != GSS_C_NO_CREDENTIAL) {
</ins><span class="cx"> maj_stat = gss_release_cred(&min_stat, &state->client_creds);
</span><del>- if (state->username != NULL)
- {
</del><ins>+ }
+ if (state->username != NULL) {
</ins><span class="cx"> free(state->username);
</span><span class="cx"> state->username = NULL;
</span><span class="cx"> }
</span><del>- if (state->targetname != NULL)
- {
</del><ins>+ if (state->targetname != NULL) {
</ins><span class="cx"> free(state->targetname);
</span><span class="cx"> state->targetname = NULL;
</span><span class="cx"> }
</span><del>- if (state->response != NULL)
- {
</del><ins>+ if (state->response != NULL) {
</ins><span class="cx"> free(state->response);
</span><span class="cx"> state->response = NULL;
</span><span class="cx"> }
</span><del>-
- if (state->ccname != NULL)
- {
</del><ins>+ if (state->ccname != NULL) {
</ins><span class="cx"> free(state->ccname);
</span><span class="cx"> state->ccname = NULL;
</span><span class="cx"> }
</span><span class="lines">@@ -527,8 +557,9 @@
</span><span class="cx"> return ret;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-int authenticate_gss_server_step(gss_server_state *state, const char *challenge)
-{
</del><ins>+int authenticate_gss_server_step(
+ gss_server_state *state, const char *challenge
+) {
</ins><span class="cx"> OM_uint32 maj_stat;
</span><span class="cx"> OM_uint32 min_stat;
</span><span class="cx"> gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
</span><span class="lines">@@ -536,58 +567,59 @@
</span><span class="cx"> int ret = AUTH_GSS_CONTINUE;
</span><span class="cx">
</span><span class="cx"> // Always clear out the old response
</span><del>- if (state->response != NULL)
- {
</del><ins>+ if (state->response != NULL) {
</ins><span class="cx"> free(state->response);
</span><span class="cx"> state->response = NULL;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // If there is a challenge (data from the server) we need to give it to GSS
</span><del>- if (challenge && *challenge)
- {
</del><ins>+ if (challenge && *challenge) {
</ins><span class="cx"> size_t len;
</span><span class="cx"> input_token.value = base64_decode(challenge, &len);
</span><span class="cx"> input_token.length = len;
</span><del>- }
- else
- {
- PyErr_SetString(KrbException_class, "No challenge parameter in request from client");
</del><ins>+ } else {
+ PyErr_SetString(
+ KrbException_class, "No challenge parameter in request from client"
+ );
</ins><span class="cx"> ret = AUTH_GSS_ERROR;
</span><span class="cx"> goto end;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> Py_BEGIN_ALLOW_THREADS
</span><del>- maj_stat = gss_accept_sec_context(&min_stat,
- &state->context,
- state->server_creds,
- &input_token,
- GSS_C_NO_CHANNEL_BINDINGS,
- &state->client_name,
- NULL,
- &output_token,
- NULL,
- NULL,
- &state->client_creds);
</del><ins>+ maj_stat = gss_accept_sec_context(
+ &min_stat,
+ &state->context,
+ state->server_creds,
+ &input_token,
+ GSS_C_NO_CHANNEL_BINDINGS,
+ &state->client_name,
+ NULL,
+ &output_token,
+ NULL,
+ NULL,
+ &state->client_creds
+ );
</ins><span class="cx"> Py_END_ALLOW_THREADS
</span><span class="cx">
</span><del>- if (GSS_ERROR(maj_stat))
- {
</del><ins>+ if (GSS_ERROR(maj_stat)) {
</ins><span class="cx"> set_gss_error(maj_stat, min_stat);
</span><span class="cx"> ret = AUTH_GSS_ERROR;
</span><span class="cx"> goto end;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // Grab the server response to send back to the client
</span><del>- if (output_token.length)
- {
- state->response = base64_encode((const unsigned char *)output_token.value, output_token.length);;
</del><ins>+ if (output_token.length) {
+ state->response = base64_encode(
+ (const unsigned char *)output_token.value, output_token.length
+ );;
</ins><span class="cx"> maj_stat = gss_release_buffer(&min_stat, &output_token);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // Get the user name
</span><del>- maj_stat = gss_display_name(&min_stat, state->client_name, &output_token, NULL);
- if (GSS_ERROR(maj_stat))
- {
</del><ins>+ maj_stat = gss_display_name(
+ &min_stat, state->client_name, &output_token, NULL
+ );
+ if (GSS_ERROR(maj_stat)) {
</ins><span class="cx"> set_gss_error(maj_stat, min_stat);
</span><span class="cx"> ret = AUTH_GSS_ERROR;
</span><span class="cx"> goto end;
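Review bot: The result of `base64_decode(challenge, &len)` is used without a check even though `challenge` is supplied by the client. If the decoder returns NULL (allocation failure, or presumably malformed input; its body is not part of this diff), `len` may be unset and `gss_accept_sec_context` is handed a token with a NULL value and an arbitrary length. I would test it right after the call, `if (input_token.value == NULL) { PyErr_SetString(KrbException_class, "Could not decode challenge"); ret = AUTH_GSS_ERROR; goto end; }`, and assign `input_token.length = len;` only afterwards. The function body continues past the end of this hunk.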
</span><span class="lines">@@ -597,35 +629,41 @@
</span><span class="cx"> state->username[output_token.length] = 0;
</span><span class="cx">
</span><span class="cx"> // Get the target name if no server creds were supplied
</span><del>- if (state->server_creds == GSS_C_NO_CREDENTIAL)
- {
</del><ins>+ if (state->server_creds == GSS_C_NO_CREDENTIAL) {
</ins><span class="cx"> gss_name_t target_name = GSS_C_NO_NAME;
</span><del>- maj_stat = gss_inquire_context(&min_stat, state->context, NULL, &target_name, NULL, NULL, NULL, NULL, NULL);
- if (GSS_ERROR(maj_stat))
- {
</del><ins>+ maj_stat = gss_inquire_context(
+ &min_stat, state->context, NULL, &target_name, NULL, NULL, NULL,
+ NULL, NULL
+ );
+ if (GSS_ERROR(maj_stat)) {
</ins><span class="cx"> set_gss_error(maj_stat, min_stat);
</span><span class="cx"> ret = AUTH_GSS_ERROR;
</span><span class="cx"> goto end;
</span><span class="cx"> }
</span><del>- maj_stat = gss_display_name(&min_stat, target_name, &output_token, NULL);
- if (GSS_ERROR(maj_stat))
- {
</del><ins>+ maj_stat = gss_display_name(
+ &min_stat, target_name, &output_token, NULL
+ );
+ if (GSS_ERROR(maj_stat)) {
</ins><span class="cx"> set_gss_error(maj_stat, min_stat);
</span><span class="cx"> ret = AUTH_GSS_ERROR;
</span><span class="cx"> goto end;
</span><span class="cx"> }
</span><span class="cx"> state->targetname = (char *)malloc(output_token.length + 1);
</span><del>- strncpy(state->targetname, (char*) output_token.value, output_token.length);
</del><ins>+ strncpy(
+ state->targetname, (char*) output_token.value, output_token.length
+ );
</ins><span class="cx"> state->targetname[output_token.length] = 0;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> ret = AUTH_GSS_COMPLETE;
</span><span class="cx">
</span><span class="cx"> end:
</span><del>- if (output_token.length)
</del><ins>+ if (output_token.length) {
</ins><span class="cx"> gss_release_buffer(&min_stat, &output_token);
</span><del>- if (input_token.value)
</del><ins>+ }
+ if (input_token.value) {
</ins><span class="cx"> free(input_token.value);
</span><ins>+ }
</ins><span class="cx"> return ret;
</span><span class="cx"> }
</span><span class="cx">
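Review bot: `state->targetname = (char *)malloc(output_token.length + 1);` is passed straight to `strncpy` and then indexed, so a failed allocation becomes a NULL write in the middle of the handshake. Add `if (state->targetname == NULL) { PyErr_NoMemory(); ret = AUTH_GSS_ERROR; goto end; }` before the copy. In the same branch `target_name` is filled by `gss_inquire_context` but no `gss_release_name(&min_stat, &target_name);` appears on any path, and `output_token` still holds the user-name buffer when the second `gss_display_name` overwrites it, so each request taking this branch appears to leak both. The function starts before this hunk.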
</span><span class="lines">@@ -642,33 +680,39 @@
</span><span class="cx"> char buf_maj[512];
</span><span class="cx"> char buf_min[512];
</span><span class="cx">
</span><del>- do
- {
- maj_stat = gss_display_status (&min_stat,
- err_maj,
- GSS_C_GSS_CODE,
- GSS_C_NO_OID,
- &msg_ctx,
- &status_string);
- if (GSS_ERROR(maj_stat))
</del><ins>+ do {
+ maj_stat = gss_display_status(
+ &min_stat,
+ err_maj,
+ GSS_C_GSS_CODE,
+ GSS_C_NO_OID,
+ &msg_ctx,
+ &status_string
+ );
+ if (GSS_ERROR(maj_stat)) {
</ins><span class="cx"> break;
</span><ins>+ }
</ins><span class="cx"> strncpy(buf_maj, (char*) status_string.value, sizeof(buf_maj));
</span><span class="cx"> gss_release_buffer(&min_stat, &status_string);
</span><span class="cx">
</span><del>- maj_stat = gss_display_status (&min_stat,
- err_min,
- GSS_C_MECH_CODE,
- GSS_C_NULL_OID,
- &msg_ctx,
- &status_string);
- if (!GSS_ERROR(maj_stat))
- {
</del><ins>+ maj_stat = gss_display_status(
+ &min_stat,
+ err_min,
+ GSS_C_MECH_CODE,
+ GSS_C_NULL_OID,
+ &msg_ctx,
+ &status_string
+ );
+ if (! GSS_ERROR(maj_stat)) {
</ins><span class="cx"> strncpy(buf_min, (char*) status_string.value, sizeof(buf_min));
</span><span class="cx"> gss_release_buffer(&min_stat, &status_string);
</span><span class="cx"> }
</span><span class="cx"> } while (!GSS_ERROR(maj_stat) && msg_ctx != 0);
</span><span class="cx">
</span><del>- PyErr_SetObject(GssException_class, Py_BuildValue("((s:i)(s:i))", buf_maj, err_maj, buf_min, err_min));
</del><ins>+ PyErr_SetObject(
+ GssException_class,
+ Py_BuildValue("((s:i)(s:i))", buf_maj, err_maj, buf_min, err_min)
+ );
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> int authenticate_gss_server_store_delegate(gss_server_state *state)
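Review bot: `buf_maj` and `buf_min` can reach `Py_BuildValue` with the `s` format either unterminated or uninitialised. `strncpy(buf_maj, ..., sizeof(buf_maj))` writes no terminator when the status text fills the buffer, it treats `status_string.value` as a C string although a GSS buffer carries its own length, and the `break` after a failed first `gss_display_status` skips both copies. Initialise both arrays (`char buf_maj[512] = "";`) and copy by length, e.g. `snprintf(buf_maj, sizeof(buf_maj), "%.*s", (int)status_string.length, (char *)status_string.value);`, and likewise for `buf_min`. The start of this function (presumably `set_gss_error`) is outside the hunk.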
</span><span class="lines">@@ -683,26 +727,44 @@
</span><span class="cx"> int ret = 500;
</span><span class="cx">
</span><span class="cx"> if (delegated_cred == GSS_C_NO_CREDENTIAL){
</span><del>- PyErr_SetObject(KrbException_class, Py_BuildValue("(s)", "Ticket is not delegatable"));
</del><ins>+ PyErr_SetObject(
+ KrbException_class,
+ Py_BuildValue("(s)", "Ticket is not delegatable")
+ );
</ins><span class="cx"> return AUTH_GSS_ERROR;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> problem = krb5_init_context(&context);
</span><span class="cx"> if (problem) {
</span><del>- PyErr_SetObject(KrbException_class, Py_BuildValue("(s)", "Cannot initialize krb5 context"));
</del><ins>+ PyErr_SetObject(
+ KrbException_class,
+ Py_BuildValue("(s)", "Cannot initialize krb5 context")
+ );
</ins><span class="cx"> return AUTH_GSS_ERROR;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> problem = krb5_parse_name(context, princ_name, &princ);
</span><span class="cx"> if (problem) {
</span><del>- PyErr_SetObject(KrbException_class, Py_BuildValue("(s:s)", "Cannot parse delegated username", krb5_get_err_text(context, problem)));
</del><ins>+ PyErr_SetObject(
+ KrbException_class,
+ Py_BuildValue(
+ "(s:s)", "Cannot parse delegated username",
+ krb5_get_err_text(context, problem)
+ )
+ );
</ins><span class="cx"> ret = AUTH_GSS_ERROR;
</span><span class="cx"> goto end;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> problem = create_krb5_ccache(state, context, princ, &ccache);
</span><span class="cx"> if (problem) {
</span><del>- PyErr_SetObject(KrbException_class, Py_BuildValue("(s:s)", "Error in creating krb5 cache", krb5_get_err_text(context, problem)));
</del><ins>+ PyErr_SetObject(
+ KrbException_class,
+ Py_BuildValue(
+ "(s:s)", "Error in creating krb5 cache",
+ krb5_get_err_text(context, problem)
+ )
+ );
</ins><span class="cx"> ret = AUTH_GSS_ERROR;
</span><span class="cx"> goto end;
</span><span class="cx"> }
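Review bot: Every `PyErr_SetObject(KrbException_class, Py_BuildValue(...))` in this hunk leaks the tuple it builds, because `Py_BuildValue` returns a new reference and `PyErr_SetObject` does not take ownership of it. Hold the value in a local and drop it afterwards: `PyObject *v = Py_BuildValue("(s)", "Ticket is not delegatable");` followed by `if (v != NULL) { PyErr_SetObject(KrbException_class, v); Py_DECREF(v); }`. The same pattern appears in the `GssException_class` hunk above, in the `create_krb5_ccache` hunks below and in kerberospw.c (`set_pwchange_error`, `change_user_krb5pwd`), so one small static helper would fix all of them. These are error paths a remote peer can trigger repeatedly, which makes the leak worth closing. The function begins before this hunk and continues after it.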
</span><span class="lines">@@ -718,20 +780,22 @@
</span><span class="cx"> ccache = NULL;
</span><span class="cx"> ret = 0;
</span><span class="cx">
</span><del>- end:
- if (princ)
</del><ins>+end:
+ if (princ) {
</ins><span class="cx"> krb5_free_principal(context, princ);
</span><del>- if (ccache)
</del><ins>+ }
+ if (ccache) {
</ins><span class="cx"> krb5_cc_destroy(context, ccache);
</span><ins>+ }
</ins><span class="cx"> krb5_free_context(context);
</span><ins>+
</ins><span class="cx"> return ret;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-int create_krb5_ccache(gss_server_state *state,
- krb5_context kcontext,
- krb5_principal princ,
- krb5_ccache *ccache)
-{
</del><ins>+int create_krb5_ccache(
+ gss_server_state *state, krb5_context kcontext, krb5_principal princ,
+ krb5_ccache *ccache
+) {
</ins><span class="cx"> int fd;
</span><span class="cx"> char ccname[32];
</span><span class="cx"> krb5_error_code problem;
</span><span class="lines">@@ -741,7 +805,10 @@
</span><span class="cx"> snprintf(ccname, sizeof(ccname), "/tmp/krb5cc_pyserv_XXXXXX");
</span><span class="cx"> fd = mkstemp(ccname);
</span><span class="cx"> if (fd < 0) {
</span><del>- PyErr_SetObject(KrbException_class, Py_BuildValue("(s:s)", "Error in mkstemp", strerror(errno)));
</del><ins>+ PyErr_SetObject(
+ KrbException_class,
+ Py_BuildValue("(s:s)", "Error in mkstemp", strerror(errno))
+ );
</ins><span class="cx"> ret = 1;
</span><span class="cx"> goto end;
</span><span class="cx"> }
</span><span class="lines">@@ -749,7 +816,13 @@
</span><span class="cx">
</span><span class="cx"> problem = krb5_cc_resolve(kcontext, ccname, &tmp_ccache);
</span><span class="cx"> if (problem) {
</span><del>- PyErr_SetObject(KrbException_class, Py_BuildValue("(s:s)", "Error resolving the credential cache", krb5_get_err_text(kcontext, problem)));
</del><ins>+ PyErr_SetObject(
+ KrbException_class,
+ Py_BuildValue(
+ "(s:s)", "Error resolving the credential cache",
+ krb5_get_err_text(kcontext, problem)
+ )
+ );
</ins><span class="cx"> ret = 1;
</span><span class="cx"> unlink(ccname);
</span><span class="cx"> goto end;
</span><span class="lines">@@ -757,7 +830,13 @@
</span><span class="cx">
</span><span class="cx"> problem = krb5_cc_initialize(kcontext, tmp_ccache, princ);
</span><span class="cx"> if (problem) {
</span><del>- PyErr_SetObject(KrbException_class, Py_BuildValue("(s:s)", "Error initialising the credential cache", krb5_get_err_text(kcontext, problem)));
</del><ins>+ PyErr_SetObject(
+ KrbException_class,
+ Py_BuildValue(
+ "(s:s)", "Error initialising the credential cache",
+ krb5_get_err_text(kcontext, problem)
+ )
+ );
</ins><span class="cx"> ret = 1;
</span><span class="cx"> goto end;
</span><span class="cx"> }
</span><span class="lines">@@ -767,9 +846,10 @@
</span><span class="cx">
</span><span class="cx"> ret = 0;
</span><span class="cx">
</span><del>- end:
- if (tmp_ccache)
</del><ins>+end:
+ if (tmp_ccache) {
</ins><span class="cx"> krb5_cc_destroy(kcontext, tmp_ccache);
</span><ins>+ }
</ins><span class="cx">
</span><span class="cx"> state->ccname = (char *)malloc(32*sizeof(char));
</span><span class="cx"> strcpy(state->ccname, ccname);
</span></span></pre></div>
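Review bot: `state->ccname = (char *)malloc(32*sizeof(char));` is followed by `strcpy` with no NULL check, and both statements sit after the `end:` label, so they also run on the `ret = 1` paths where the cache file may never have been created or has already been removed. The literal 32 also repeats the size of the local `ccname[32]` instead of deriving from it. I would guard the assignment with `if (ret == 0)` and write `state->ccname = strdup(ccname);` followed by `if (state->ccname == NULL) { PyErr_NoMemory(); ret = 1; }`. The remainder of the function is outside this hunk, so it cannot be seen here whether a previous `state->ccname` is freed first or whether callers read it after a failure.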
<a id="PyKerberostrunksrckerberosgssh"></a>
<div class="modfile"><h4>Modified: PyKerberos/trunk/src/kerberosgss.h (14619 => 14620)</h4>
<pre class="diff"><span>
<span class="info">--- PyKerberos/trunk/src/kerberosgss.h        2015-03-26 21:33:56 UTC (rev 14619)
+++ PyKerberos/trunk/src/kerberosgss.h        2015-03-26 21:54:26 UTC (rev 14620)
</span><span class="lines">@@ -52,14 +52,36 @@
</span><span class="cx">
</span><span class="cx"> char* server_principal_details(const char* service, const char* hostname);
</span><span class="cx">
</span><del>-int authenticate_gss_client_init(const char* service, const char* principal, long int gss_flags, gss_server_state* delegatestate, gss_client_state* state);
-int authenticate_gss_client_clean(gss_client_state *state);
-int authenticate_gss_client_step(gss_client_state *state, const char *challenge);
-int authenticate_gss_client_unwrap(gss_client_state* state, const char* challenge);
-int authenticate_gss_client_wrap(gss_client_state* state, const char* challenge, const char* user, int protect);
</del><ins>+int authenticate_gss_client_init(
+ const char* service, const char* principal, long int gss_flags,
+ gss_server_state* delegatestate, gss_client_state* state
+);
+int authenticate_gss_client_clean(
+ gss_client_state *state
+);
+int authenticate_gss_client_step(
+ gss_client_state *state, const char *challenge
+);
+int authenticate_gss_client_unwrap(
+ gss_client_state* state, const char* challenge
+);
+int authenticate_gss_client_wrap(
+ gss_client_state* state, const char* challenge, const char* user,
+ int protect
+);
</ins><span class="cx">
</span><del>-int authenticate_gss_server_init(const char* service, gss_server_state* state);
-int authenticate_gss_server_clean(gss_server_state *state);
-int authenticate_gss_server_step(gss_server_state *state, const char *challenge);
-int authenticate_gss_server_store_delegate(gss_server_state *state);
-int authenticate_gss_server_has_delegated(gss_server_state *state);
</del><ins>+int authenticate_gss_server_init(
+ const char* service, gss_server_state* state
+);
+int authenticate_gss_server_clean(
+ gss_server_state *state
+);
+int authenticate_gss_server_step(
+ gss_server_state *state, const char *challenge
+);
+int authenticate_gss_server_store_delegate(
+ gss_server_state *state
+);
+int authenticate_gss_server_has_delegated(
+ gss_server_state *state
+);
</ins></span></pre></div>
<a id="PyKerberostrunksrckerberospwc"></a>
<div class="modfile"><h4>Modified: PyKerberos/trunk/src/kerberospw.c (14619 => 14620)</h4>
<pre class="diff"><span>
<span class="info">--- PyKerberos/trunk/src/kerberospw.c        2015-03-26 21:33:56 UTC (rev 14619)
+++ PyKerberos/trunk/src/kerberospw.c        2015-03-26 21:54:26 UTC (rev 14620)
</span><span class="lines">@@ -27,17 +27,20 @@
</span><span class="cx">
</span><span class="cx"> static void set_pwchange_error(krb5_context context, krb5_error_code code)
</span><span class="cx"> {
</span><del>- PyErr_SetObject(PwdChangeException_class, Py_BuildValue("(s:i)",
- krb5_get_err_text(context, code), code));
</del><ins>+ PyErr_SetObject(
+ PwdChangeException_class,
+ Py_BuildValue("(s:i)", krb5_get_err_text(context, code), code)
+ );
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /* Inspired by krb5_verify_user from Heimdal */
</span><del>-static krb5_error_code verify_krb5_user(krb5_context context,
- krb5_principal principal,
- const char *password,
- const char *service,
- krb5_creds* creds)
-{
</del><ins>+static krb5_error_code verify_krb5_user(
+ krb5_context context,
+ krb5_principal principal,
+ const char *password,
+ const char *service,
+ krb5_creds* creds
+) {
</ins><span class="cx"> krb5_get_init_creds_opt gic_options;
</span><span class="cx"> krb5_error_code code;
</span><span class="cx"> int ret = 0;
</span><span class="lines">@@ -46,11 +49,13 @@
</span><span class="cx"> {
</span><span class="cx"> char *name = NULL;
</span><span class="cx"> code = krb5_unparse_name(context, principal, &name);
</span><del>- if (!code)
</del><ins>+ if (!code) {
</ins><span class="cx"> printf("Trying to get TGT for user %s\n", name);
</span><ins>+ }
</ins><span class="cx"> free(name);
</span><span class="cx"> }
</span><span class="cx"> #endif
</span><ins>+
</ins><span class="cx"> krb5_get_init_creds_opt_init(&gic_options);
</span><span class="cx"> krb5_get_init_creds_opt_set_forwardable(&gic_options, 0);
</span><span class="cx"> krb5_get_init_creds_opt_set_proxiable(&gic_options, 0);
</span><span class="lines">@@ -58,35 +63,43 @@
</span><span class="cx">
</span><span class="cx"> memset(creds, 0, sizeof(krb5_creds));
</span><span class="cx">
</span><del>- code = krb5_get_init_creds_password(context, creds, principal,
- (char *)password, NULL, NULL, 0,
- (char *)service, &gic_options);
</del><ins>+ code = krb5_get_init_creds_password(
+ context, creds, principal,
+ (char *)password, NULL, NULL, 0,
+ (char *)service, &gic_options
+ );
</ins><span class="cx"> if (code) {
</span><span class="cx"> set_pwchange_error(context, code);
</span><span class="cx"> goto end;
</span><span class="cx"> }
</span><span class="cx"> ret = 1; /* success */
</span><ins>+
</ins><span class="cx"> end:
</span><span class="cx"> return ret;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-int change_user_krb5pwd(const char *user, const char* oldpswd, const char *newpswd)
-{
</del><ins>+int change_user_krb5pwd(
+ const char *user, const char* oldpswd, const char *newpswd
+) {
</ins><span class="cx"> krb5_context kcontext = NULL;
</span><span class="cx"> krb5_error_code code;
</span><span class="cx"> krb5_principal client = NULL;
</span><del>- krb5_creds creds;
</del><ins>+ krb5_creds creds;
</ins><span class="cx"> int ret = 0;
</span><span class="cx"> char *name = NULL;
</span><ins>+
</ins><span class="cx"> const char* service = "kadmin/changepw";
</span><span class="cx"> int result_code;
</span><span class="cx"> krb5_data result_code_string, result_string;
</span><span class="cx">
</span><span class="cx"> code = krb5_init_context(&kcontext);
</span><span class="cx"> if (code) {
</span><del>- PyErr_SetObject(PwdChangeException_class, Py_BuildValue("((s:i))",
- "Cannot initialize Kerberos5 context",
- code));
</del><ins>+ PyErr_SetObject(
+ PwdChangeException_class,
+ Py_BuildValue(
+ "((s:i))", "Cannot initialize Kerberos5 context", code
+ )
+ );
</ins><span class="cx"> return 0;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -100,8 +113,9 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> code = verify_krb5_user(kcontext, client, oldpswd, service, &creds);
</span><del>- if (!code) /* exception set by verify_krb5_user */
</del><ins>+ if (! code) { /* exception set by verify_krb5_user */
</ins><span class="cx"> goto end;
</span><ins>+ }
</ins><span class="cx">
</span><span class="cx"> code = krb5_change_password(kcontext, &creds, (char*)newpswd,
</span><span class="cx"> &result_code, &result_code_string, &result_string);
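Review bot: `if (! code)` reads as "no error" to anyone used to krb5 conventions, yet here it is the failure branch. `verify_krb5_user` is declared as returning `krb5_error_code` but returns `ret`, which is 1 on success and 0 on failure. The check guards a password change, so an accidental inversion in a later edit would be costly. I would declare the helper as `static int verify_krb5_user(` and store its result in a separate variable, `int verified = verify_krb5_user(kcontext, client, oldpswd, service, &creds);` with `if (!verified) {`. At minimum, add a comment on the helper stating "returns 1 on success, 0 with a Python exception set on failure". The enclosing function starts in the previous hunk and continues after this one.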
</span><span class="lines">@@ -111,27 +125,35 @@
</span><span class="cx"> }
</span><span class="cx"> if (result_code) {
</span><span class="cx"> char *message = NULL;
</span><del>- asprintf(&message, "%.*s: %.*s",
- (int) result_code_string.length,
- (char *) result_code_string.data,
- (int) result_string.length,
- (char *) result_string.data);
- PyErr_SetObject(PwdChangeException_class, Py_BuildValue("((s:i))",
- message, result_code));
</del><ins>+ asprintf(
+ &message, "%.*s: %.*s",
+ (int) result_code_string.length,
+ (char *) result_code_string.data,
+ (int) result_string.length,
+ (char *) result_string.data
+ );
+ PyErr_SetObject(
+ PwdChangeException_class,
+ Py_BuildValue("((s:i))", message, result_code)
+ );
</ins><span class="cx"> free(message);
</span><span class="cx"> goto end;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> ret = 1; /* success */
</span><ins>+
</ins><span class="cx"> end:
</span><span class="cx"> #ifdef PRINTFS
</span><span class="cx"> printf("%s: ret=%d user=%s\n", __FUNCTION__, ret, name);
</span><span class="cx"> #endif
</span><del>- if (name)
</del><ins>+
+ if (name) {
</ins><span class="cx"> free(name);
</span><del>- if (client)
</del><ins>+ }
+ if (client) {
</ins><span class="cx"> krb5_free_principal(kcontext, client);
</span><ins>+ }
</ins><span class="cx"> krb5_free_context(kcontext);
</span><ins>+
</ins><span class="cx"> return ret;
</span><span class="cx"> }
</span><del>-
</del></span></pre></div>
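Review bot: The return value of `asprintf` is ignored, and on failure the content of `message` is not defined on every platform, so `Py_BuildValue` with `s` and the following `free(message)` can operate on a garbage pointer. Test the call, `if (asprintf(&message, "%.*s: %.*s", ...) < 0) { PyErr_NoMemory(); goto end; }`, keeping the existing arguments. The `end:` block in this hunk releases only `name`, `client` and the context. Unless it happens in lines outside the hunk, `creds` (which holds the kadmin/changepw ticket and its session key) and the two `krb5_data` results are never freed. Calling `krb5_free_cred_contents(kcontext, &creds);` once `creds` has been filled in would cover the former.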
<a id="PyKerberostrunksrckerberospwh"></a>
<div class="modfile"><h4>Modified: PyKerberos/trunk/src/kerberospw.h (14619 => 14620)</h4>
<pre class="diff"><span>
<span class="info">--- PyKerberos/trunk/src/kerberospw.h        2015-03-26 21:33:56 UTC (rev 14619)
+++ PyKerberos/trunk/src/kerberospw.h        2015-03-26 21:54:26 UTC (rev 14620)
</span><span class="lines">@@ -21,4 +21,6 @@
</span><span class="cx">
</span><span class="cx"> #define krb5_get_err_text(context,code) error_message(code)
</span><span class="cx">
</span><del>-int change_user_krb5pwd(const char *user, const char* oldpswd, const char *newpswd);
</del><ins>+int change_user_krb5pwd(
+ const char *user, const char* oldpswd, const char *newpswd
+);
</ins></span></pre>
</div>
</div>
</body>
</html>