Copyright updates:

[exim.git] / src / src / auths / heimdal_gssapi.c

diff --git a/src/src/auths/heimdal_gssapi.c b/src/src/auths/heimdal_gssapi.c
index 273d4f47b5a2d7c77b61cc9d8aab582f8cb422ee..a09d454131d9c66dc2bec1e928b772a5d6ae7a86 100644 (file)
--- a/src/src/auths/heimdal_gssapi.c
+++ b/src/src/auths/heimdal_gssapi.c
@@ -3,6 +3,7 @@
 *************************************************/
 
 /* Copyright (c) University of Cambridge 1995 - 2018 */
+/* Copyright (c) The Exim Maintainers 2020 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* Copyright (c) Twitter Inc 2012
@@ -59,11 +60,11 @@ static void dummy(int x) { dummy2(x-1); }
 /* Authenticator-specific options. */
 optionlist auth_heimdal_gssapi_options[] = {
   { "server_hostname",      opt_stringptr,
-      (void *)(offsetof(auth_heimdal_gssapi_options_block, server_hostname)) },
+      OPT_OFF(auth_heimdal_gssapi_options_block, server_hostname) },
   { "server_keytab",        opt_stringptr,
-      (void *)(offsetof(auth_heimdal_gssapi_options_block, server_keytab)) },
+      OPT_OFF(auth_heimdal_gssapi_options_block, server_keytab) },
   { "server_service",       opt_stringptr,
-      (void *)(offsetof(auth_heimdal_gssapi_options_block, server_service)) }
+      OPT_OFF(auth_heimdal_gssapi_options_block, server_service) }
 };
 
 int auth_heimdal_gssapi_options_count =
@@ -134,10 +135,9 @@ if (!ob->server_service || !*ob->server_service)
   {
   HDEBUG(D_auth) debug_printf("heimdal: missing server_service\n");
   return;
-}
+  }
 
-krc = krb5_init_context(&context);
-if (krc != 0)
+if ((krc = krb5_init_context(&context)))
   {
   int kerr = errno;
   HDEBUG(D_auth) debug_printf("heimdal: failed to initialise krb5 context: %s\n",
@@ -149,8 +149,7 @@ if (ob->server_keytab)
   {
   k_keytab_typed_name = CCS string_sprintf("file:%s", expand_string(ob->server_keytab));
   HDEBUG(D_auth) debug_printf("heimdal: using keytab %s\n", k_keytab_typed_name);
-  krc = krb5_kt_resolve(context, k_keytab_typed_name, &keytab);
-  if (krc)
+  if ((krc = krb5_kt_resolve(context, k_keytab_typed_name, &keytab)))
     {
     HDEBUG(D_auth) exim_heimdal_error_debug("krb5_kt_resolve", context, krc);
     return;
@@ -159,8 +158,7 @@ if (ob->server_keytab)
 else
  {
   HDEBUG(D_auth) debug_printf("heimdal: using system default keytab\n");
-  krc = krb5_kt_default(context, &keytab);
-  if (krc)
+  if ((krc = krb5_kt_default(context, &keytab)))
     {
     HDEBUG(D_auth) exim_heimdal_error_debug("krb5_kt_default", context, krc);
     return;
@@ -170,12 +168,11 @@ else
 HDEBUG(D_auth)
   {
   /* http://www.h5l.org/manual/HEAD/krb5/krb5_keytab_intro.html */
-  krc = krb5_kt_start_seq_get(context, keytab, &cursor);
-  if (krc)
+  if ((krc = krb5_kt_start_seq_get(context, keytab, &cursor)))
     exim_heimdal_error_debug("krb5_kt_start_seq_get", context, krc);
   else
     {
-    while ((krc = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0)
+    while (!(krc = krb5_kt_next_entry(context, keytab, &entry, &cursor)))
       {
       principal = enctype_s = NULL;
       krb5_unparse_name(context, entry.principal, &principal);
@@ -188,28 +185,16 @@ HDEBUG(D_auth)
       free(enctype_s);
       krb5_kt_free_entry(context, &entry);
       }
-    krc = krb5_kt_end_seq_get(context, keytab, &cursor);
-    if (krc)
+    if ((krc = krb5_kt_end_seq_get(context, keytab, &cursor)))
       exim_heimdal_error_debug("krb5_kt_end_seq_get", context, krc);
     }
   }
 
-krc = krb5_kt_close(context, keytab);
-if (krc)
+if ((krc = krb5_kt_close(context, keytab)))
   HDEBUG(D_auth) exim_heimdal_error_debug("krb5_kt_close", context, krc);
 
 krb5_free_context(context);
 
-/* RFC 4121 section 5.2, SHOULD support 64K input buffers */
-if (big_buffer_size < (64 * 1024))
-  {
-  uschar *newbuf;
-  big_buffer_size = 64 * 1024;
-  newbuf = store_malloc(big_buffer_size);
-  store_free(big_buffer);
-  big_buffer = newbuf;
-  }
-
 ablock->server = TRUE;
 }
 
@@ -327,7 +312,7 @@ while (step < 4)
   switch (step)
     {
     case 0:
-      if (!from_client || *from_client == '\0')
+      if (!from_client || !*from_client)
         {
        if (handled_empty_ir)
          {
@@ -335,15 +320,12 @@ while (step < 4)
          error_out = BAD64;
          goto ERROR_OUT;
          }
-       else
-         {
-         HDEBUG(D_auth) debug_printf("gssapi: missing initial response, nudging.\n");
-         error_out = auth_get_data(&from_client, US"", 0);
-         if (error_out != OK)
-           goto ERROR_OUT;
-         handled_empty_ir = TRUE;
-         continue;
-         }
+
+       HDEBUG(D_auth) debug_printf("gssapi: missing initial response, nudging.\n");
+       if ((error_out = auth_get_data(&from_client, US"", 0)) != OK)
+         goto ERROR_OUT;
+       handled_empty_ir = TRUE;
+       continue;
        }
       /* We should now have the opening data from the client, base64-encoded. */
       step += 1;
@@ -415,7 +397,7 @@ while (step < 4)
          NULL,                 /* conf_state: no confidentiality applied */
          &gbufdesc_out         /* output buffer */
          );
-      if (GSS_ERROR(maj_stat)
+      if (GSS_ERROR(maj_stat))
         {
        exim_gssapi_error_defer(NULL, maj_stat, min_stat,
            "gss_wrap(SASL state after auth)");
@@ -461,7 +443,7 @@ while (step < 4)
        }
 
       requested_qop = (CS gbufdesc_out.value)[0];
-      if ((requested_qop & 0x01) == 0)
+      if (!(requested_qop & 0x01))
         {
        HDEBUG(D_auth)
          debug_printf("gssapi: client requested security layers (%x)\n",
@@ -493,9 +475,7 @@ while (step < 4)
 
       /* $auth1 is GSSAPI display name */
       maj_stat = gss_display_name(&min_stat,
-         gclient,
-         &gbufdesc_out,
-         &mech_type);
+         gclient, &gbufdesc_out, &mech_type);
       if (GSS_ERROR(maj_stat))
         {
        auth_vars[1] = expand_nstring[2] = NULL;