X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/f3ebb786e451da973560f1c9d8cdb151d25108b5..1d28cc061677bd07d9bed48dd84bd5c590247043:/src/src/auths/heimdal_gssapi.c
diff --git a/src/src/auths/heimdal_gssapi.c b/src/src/auths/heimdal_gssapi.c
index 273d4f47b..1336d0fab 100644
--- a/src/src/auths/heimdal_gssapi.c
+++ b/src/src/auths/heimdal_gssapi.c
@@ -2,8 +2,10 @@
 * Exim - an Internet mail transport agent *
 *************************************************/
+/* Copyright (c) The Exim Maintainers 2020 - 2022 */
 /* Copyright (c) University of Cambridge 1995 - 2018 */
 /* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-or-later */
 /* Copyright (c) Twitter Inc 2012 Author: Phil Pennock */
@@ -59,11 +61,11 @@ static void dummy(int x) { dummy2(x-1); }
 /* Authenticator-specific options. */
 optionlist auth_heimdal_gssapi_options[] = {
 { "server_hostname", opt_stringptr,
- (void *)(offsetof(auth_heimdal_gssapi_options_block, server_hostname)) },
+ OPT_OFF(auth_heimdal_gssapi_options_block, server_hostname) },
 { "server_keytab", opt_stringptr,
- (void *)(offsetof(auth_heimdal_gssapi_options_block, server_keytab)) },
+ OPT_OFF(auth_heimdal_gssapi_options_block, server_keytab) },
 { "server_service", opt_stringptr,
- (void *)(offsetof(auth_heimdal_gssapi_options_block, server_service)) }
+ OPT_OFF(auth_heimdal_gssapi_options_block, server_service) }
 };
 int auth_heimdal_gssapi_options_count =
@@ -84,7 +86,7 @@ void auth_heimdal_gssapi_init(auth_instance *ablock) {}
 int auth_heimdal_gssapi_server(auth_instance *ablock, uschar *data) {return 0;}
 int auth_heimdal_gssapi_client(auth_instance *ablock, void * sx, int timeout, uschar *buffer, int buffsize) {return 0;}
-void auth_heimdal_gssapi_version_report(FILE *f) {}
+gstring * auth_heimdal_gssapi_version_report(gstring * g) {}
 #else /*!MACRO_PREDEF*/
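Review bot: In the `@@ -84,7 +86,7 @@` hunk the MACRO_PREDEF stub `gstring * auth_heimdal_gssapi_version_report(gstring * g) {}` now has a non-void return type but an empty body, so control falls off the end without a value, while the sibling stubs above it all return 0. Using the result of such a call is undefined behaviour, and compilers flag the line under -Wreturn-type. Give it a body in the same style, `gstring * auth_heimdal_gssapi_version_report(gstring * g) {return NULL;}`. Whether anything calls the stub in the macro-predefinition build is not visible from this hunk.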
@@ -134,10 +136,9 @@ if (!ob->server_service || !*ob->server_service)
 {
 HDEBUG(D_auth) debug_printf("heimdal: missing server_service\n");
 return;
-}
+ }
-krc = krb5_init_context(&context);
-if (krc != 0)
+if ((krc = krb5_init_context(&context)))
 {
 int kerr = errno;
 HDEBUG(D_auth) debug_printf("heimdal: failed to initialise krb5 context: %s\n",
@@ -149,8 +150,7 @@ if (ob->server_keytab)
 {
 k_keytab_typed_name = CCS string_sprintf("file:%s", expand_string(ob->server_keytab));
 HDEBUG(D_auth) debug_printf("heimdal: using keytab %s\n", k_keytab_typed_name);
- krc = krb5_kt_resolve(context, k_keytab_typed_name, &keytab);
- if (krc)
+ if ((krc = krb5_kt_resolve(context, k_keytab_typed_name, &keytab)))
 {
 HDEBUG(D_auth) exim_heimdal_error_debug("krb5_kt_resolve", context, krc);
 return;
@@ -159,8 +159,7 @@ if (ob->server_keytab)
 else
 {
 HDEBUG(D_auth) debug_printf("heimdal: using system default keytab\n");
- krc = krb5_kt_default(context, &keytab);
- if (krc)
+ if ((krc = krb5_kt_default(context, &keytab)))
 {
 HDEBUG(D_auth) exim_heimdal_error_debug("krb5_kt_default", context, krc);
 return;
@@ -170,12 +169,11 @@ else
 HDEBUG(D_auth)
 {
 /* http://www.h5l.org/manual/HEAD/krb5/krb5_keytab_intro.html */
- krc = krb5_kt_start_seq_get(context, keytab, &cursor);
- if (krc)
+ if ((krc = krb5_kt_start_seq_get(context, keytab, &cursor)))
 exim_heimdal_error_debug("krb5_kt_start_seq_get", context, krc);
 else
 {
- while ((krc = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0)
+ while (!(krc = krb5_kt_next_entry(context, keytab, &entry, &cursor)))
 {
 principal = enctype_s = NULL;
 krb5_unparse_name(context, entry.principal, &principal);
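Review bot: In the `@@ -134,10 +136,9 @@` hunk, `int kerr = errno;` directly under the rewritten `if ((krc = krb5_init_context(&context)))` captures errno even though the failure code has just been stored in krc. The call reports failure through its return value, so errno may hold an unrelated, stale value at this point. The argument that fills the `%s` lies beyond the hunk, so this is inferred: if it is derived from kerr, the debug line can name the wrong cause while someone is diagnosing a broken Kerberos setup. Consider dropping kerr and reporting krc, or add a comment such as `/* no usable context yet, so the error is reported from errno */` if that choice is deliberate.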
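Review bot: In the `@@ -149,8 +150,7 @@` hunk the keytab name is built from `expand_string(ob->server_keytab)` without checking that the expansion succeeded, on the context line just above the rewritten `krb5_kt_resolve` call. expand_string() returns NULL when an expansion fails or is forced to fail, so the name handed to krb5_kt_resolve() would not be the path the administrator configured, and the only trace is a debug line. Expand into a new local first and stop on failure, for example `if (!(kt = expand_string(ob->server_keytab))) { HDEBUG(D_auth) debug_printf("heimdal: keytab expansion failed: %s\n", expand_string_message); return; }`. The enclosing function starts above this hunk.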
@@ -188,28 +186,16 @@ HDEBUG(D_auth)
 free(enctype_s);
 krb5_kt_free_entry(context, &entry);
 }
- krc = krb5_kt_end_seq_get(context, keytab, &cursor);
- if (krc)
+ if ((krc = krb5_kt_end_seq_get(context, keytab, &cursor)))
 exim_heimdal_error_debug("krb5_kt_end_seq_get", context, krc);
 }
 }
-krc = krb5_kt_close(context, keytab);
-if (krc)
+if ((krc = krb5_kt_close(context, keytab)))
 HDEBUG(D_auth) exim_heimdal_error_debug("krb5_kt_close", context, krc);
 krb5_free_context(context);
-/* RFC 4121 section 5.2, SHOULD support 64K input buffers */
-if (big_buffer_size < (64 * 1024))
- {
- uschar *newbuf;
- big_buffer_size = 64 * 1024;
- newbuf = store_malloc(big_buffer_size);
- store_free(big_buffer);
- big_buffer = newbuf;
- }
-
 ablock->server = TRUE;
 }
@@ -327,7 +313,7 @@ while (step < 4)
 switch (step)
 {
 case 0:
- if (!from_client || *from_client == '\0')
+ if (!from_client || !*from_client)
 {
 if (handled_empty_ir)
 {
@@ -335,15 +321,12 @@ while (step < 4)
 error_out = BAD64;
 goto ERROR_OUT;
 }
- else
- {
- HDEBUG(D_auth) debug_printf("gssapi: missing initial response, nudging.\n");
- error_out = auth_get_data(&from_client, US"", 0);
- if (error_out != OK)
- goto ERROR_OUT;
- handled_empty_ir = TRUE;
- continue;
- }
+
+ HDEBUG(D_auth) debug_printf("gssapi: missing initial response, nudging.\n");
+ if ((error_out = auth_get_data(&from_client, US"", 0)) != OK)
+ goto ERROR_OUT;
+ handled_empty_ir = TRUE;
+ continue;
 }
 /* We should now have the opening data from the client, base64-encoded. */
 step += 1;
@@ -415,7 +398,7 @@ while (step < 4)
 NULL, /* conf_state: no confidentiality applied */
 &gbufdesc_out /* output buffer */
 );
- if (GSS_ERROR(maj_stat)
+ if (GSS_ERROR(maj_stat))
 {
 exim_gssapi_error_defer(NULL, maj_stat, min_stat, "gss_wrap(SASL state after auth)");
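Review bot: In the `@@ -188,28 +186,16 @@` hunk the removed block was the only visible place that guaranteed the 64K input size cited from RFC 4121 section 5.2, and nothing in the new code says where that guarantee now lives. If the server path still receives client tokens into big_buffer, a token longer than the default big_buffer_size would be cut short or refused, which would appear as authentication failures only for principals with large tickets; this is inferred, since the receiving code is outside the hunk. Leave a comment above `ablock->server = TRUE;` naming the limit that now applies, for example `/* RFC 4121 section 5.2 asks for 64K input buffers: provided by <where> */`, or state it in the commit message.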
@@ -461,7 +444,7 @@ while (step < 4)
 }
 requested_qop = (CS gbufdesc_out.value)[0];
- if ((requested_qop & 0x01) == 0)
+ if (!(requested_qop & 0x01))
 {
 HDEBUG(D_auth) debug_printf("gssapi: client requested security layers (%x)\n",
@@ -493,9 +476,7 @@ while (step < 4)
 /* $auth1 is GSSAPI display name */
 maj_stat = gss_display_name(&min_stat,
- gclient,
- &gbufdesc_out,
- &mech_type);
+ gclient, &gbufdesc_out, &mech_type);
 if (GSS_ERROR(maj_stat))
 {
 auth_vars[1] = expand_nstring[2] = NULL;
@@ -621,14 +602,15 @@ return FAIL;
 * Diagnostic API *
 *************************************************/
-void
-auth_heimdal_gssapi_version_report(FILE *f)
+gstring *
+auth_heimdal_gssapi_version_report(gstring * g)
 {
 /* No build-time constants available unless we link against libraries at build-time and export the result as a string into a header ourselves. */
-fprintf(f, "Library version: Heimdal: Runtime: %s\n"
- " Build Info: %s\n",
- heimdal_version, heimdal_long_version);
+
+return string_fmt_append(g, "Library version: Heimdal: Runtime: %s\n"
+ " Build Info: %s\n",
+ heimdal_version, heimdal_long_version));
 }
 #endif /*!MACRO_PREDEF*/
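Review bot: In the `@@ -621,14 +602,15 @@` hunk the new `return string_fmt_append(...)` statement closes one parenthesis too many: its last added line ends `heimdal_long_version));` while only the call's own `(` is open, so the file will not compile when the Heimdal authenticator is enabled. End the line with `heimdal_version, heimdal_long_version);`. The same commit repairs the opposite slip in the `@@ -415,7 +398,7 @@` hunk (`if (GSS_ERROR(maj_stat)`), which suggests this driver is not part of the regular build. A build job with the authenticator enabled would catch both.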