Changeset 358

Timestamp:

11/06/08 14:28:46 (4 years ago)

Author:

ludovic.rousseau

Message:

remove trailing tab and space characters

Location:

trunk/src

Files:

• common/NSPRerrs.h (modified) (2 diffs)
• common/SECerrs.h (modified) (2 diffs)
• common/algorithm.c (modified) (1 diff)
• common/base64.h (modified) (1 diff)
• common/cert_info.c (modified) (11 diffs)
• common/cert_info.h (modified) (2 diffs)
• common/cert_vfy.c (modified) (4 diffs)
• common/cert_vfy.h (modified) (1 diff)
• common/debug.c (modified) (2 diffs)
• common/debug.h (modified) (2 diffs)
• common/error.h (modified) (1 diff)
• common/pkcs11_lib.c (modified) (36 diffs)
• common/pkcs11_lib.h (modified) (4 diffs)
• common/rsaref/PKCS11_README (modified) (1 diff)
• common/rsaref/pkcs11.h (modified) (1 diff)
• common/rsaref/pkcs11f.h (modified) (6 diffs)
• common/rsaref/pkcs11t.h (modified) (17 diffs)
• common/secutil.h (modified) (11 diffs)
• common/strings.h (modified) (3 diffs)
• common/uri.c (modified) (1 diff)
• mappers/cn_mapper.c (modified) (1 diff)
• mappers/cn_mapper.h (modified) (1 diff)
• mappers/digest_mapper.c (modified) (1 diff)
• mappers/digest_mapper.h (modified) (1 diff)
• mappers/generic_mapper.c (modified) (4 diffs)
• mappers/generic_mapper.h (modified) (1 diff)
• mappers/krb_mapper.c (modified) (1 diff)
• mappers/krb_mapper.h (modified) (1 diff)
• mappers/ldap_mapper.c (modified) (34 diffs)
• mappers/ldap_mapper.h (modified) (1 diff)
• mappers/mail_mapper.c (modified) (1 diff)
• mappers/mail_mapper.h (modified) (1 diff)
• mappers/mapper.c (modified) (2 diffs)
• mappers/mapper.h (modified) (5 diffs)
• mappers/mapperlist.h (modified) (1 diff)
• mappers/ms_mapper.c (modified) (3 diffs)
• mappers/ms_mapper.h (modified) (1 diff)
• mappers/null_mapper.h (modified) (1 diff)
• mappers/opensc_mapper.c (modified) (1 diff)
• mappers/opensc_mapper.h (modified) (1 diff)
• mappers/openssh_mapper.c (modified) (3 diffs)
• mappers/openssh_mapper.h (modified) (1 diff)
• mappers/pwent_mapper.c (modified) (2 diffs)
• mappers/pwent_mapper.h (modified) (1 diff)
• mappers/subject_mapper.h (modified) (1 diff)
• mappers/uid_mapper.c (modified) (2 diffs)
• mappers/uid_mapper.h (modified) (1 diff)
• pam_pkcs11/mapper_mgr.c (modified) (7 diffs)
• pam_pkcs11/mapper_mgr.h (modified) (1 diff)
• pam_pkcs11/pam_config.c (modified) (4 diffs)
• pam_pkcs11/pam_pkcs11.c (modified) (25 diffs)
• scconf/README.scconf (modified) (7 diffs)
• scconf/parse.c (modified) (2 diffs)
• tools/card_eventmgr.c (modified) (4 diffs)
• tools/pkcs11_eventmgr.c (modified) (14 diffs)
• tools/pkcs11_listcerts.c (modified) (2 diffs)
• tools/pkcs11_setup.c (modified) (17 diffs)
• tools/pklogin_finder.c (modified) (1 diff)

trunk/src/common/NSPRerrs.h

@@ -62 +62 @@
 ER2( PR_LOAD_LIBRARY_ERROR,     "Failure to load dynamic library." )
 ER2( PR_UNLOAD_LIBRARY_ERROR,   "Failure to unload dynamic library." )
-ER2( PR_FIND_SYMBOL_ERROR,      
+ER2( PR_FIND_SYMBOL_ERROR, 
 "Symbol not found in any of the loaded dynamic libraries." )
 ER2( PR_INSUFFICIENT_RESOURCES_ERROR, "Insufficient system resources." )
-ER2( PR_DIRECTORY_LOOKUP_ERROR,         
+ER2( PR_DIRECTORY_LOOKUP_ERROR, 
 "A directory lookup on a network address has failed." )
-ER2( PR_TPD_RANGE_ERROR,                
+ER2( PR_TPD_RANGE_ERROR, 
 "Attempt to access a TPD key that is out of range." )
 ER2( PR_PROC_DESC_TABLE_FULL_ERROR, "Process open FD table is full." )
 ER2( PR_SYS_DESC_TABLE_FULL_ERROR, "System open FD table is full." )
-ER2( PR_NOT_SOCKET_ERROR,       
+ER2( PR_NOT_SOCKET_ERROR, 
 "Network operation attempted on non-network file descriptor." )
-ER2( PR_NOT_TCP_SOCKET_ERROR,   
+ER2( PR_NOT_TCP_SOCKET_ERROR, 
 "TCP-specific function attempted on a non-TCP file descriptor." )
 ER2( PR_SOCKET_ADDRESS_IS_BOUND_ERROR, "TCP file descriptor is already bound." )
 ER2( PR_NO_ACCESS_RIGHTS_ERROR, "Access Denied." )
-ER2( PR_OPERATION_NOT_SUPPORTED_ERROR, 
+ER2( PR_OPERATION_NOT_SUPPORTED_ERROR,
 "The requested operation is not supported by the platform." )
-ER2( PR_PROTOCOL_NOT_SUPPORTED_ERROR, 
+ER2( PR_PROTOCOL_NOT_SUPPORTED_ERROR,
 "The host operating system does not support the protocol requested." )
 ER2( PR_REMOTE_FILE_ERROR,      "Access to the remote file has been severed." )
-ER2( PR_BUFFER_OVERFLOW_ERROR,  
+ER2( PR_BUFFER_OVERFLOW_ERROR, 
 "The value requested is too large to be stored in the data buffer provided." )
 ER2( PR_CONNECT_RESET_ERROR,    "TCP connection reset by peer." )
@@ -88 +88 @@
 ER2( PR_DEADLOCK_ERROR,         "The operation would have deadlocked." )
 ER2( PR_FILE_IS_LOCKED_ERROR,   "The file is already locked." )
-ER2( PR_FILE_TOO_BIG_ERROR,     
+ER2( PR_FILE_TOO_BIG_ERROR, 
 "Write would result in file larger than the system allows." )
 ER2( PR_NO_DEVICE_SPACE_ERROR,  "The device for storing the file is full." )
 ER2( PR_PIPE_ERROR,             "Unused." )
 ER2( PR_NO_SEEK_DEVICE_ERROR,   "Unused." )
-ER2( PR_IS_DIRECTORY_ERROR,     
+ER2( PR_IS_DIRECTORY_ERROR, 
 "Cannot perform a normal file operation on a directory." )
 ER2( PR_LOOP_ERROR,             "Symbolic link loop." )
 ER2( PR_NAME_TOO_LONG_ERROR,    "File name is too long." )
 ER2( PR_FILE_NOT_FOUND_ERROR,   "File not found." )
-ER2( PR_NOT_DIRECTORY_ERROR,    
+ER2( PR_NOT_DIRECTORY_ERROR, 
 "Cannot perform directory operation on a normal file." )
-ER2( PR_READ_ONLY_FILESYSTEM_ERROR, 
+ER2( PR_READ_ONLY_FILESYSTEM_ERROR,
 "Cannot write to a read-only file system." )
-ER2( PR_DIRECTORY_NOT_EMPTY_ERROR, 
+ER2( PR_DIRECTORY_NOT_EMPTY_ERROR,
 "Cannot delete a directory that is not empty." )
-ER2( PR_FILESYSTEM_MOUNTED_ERROR, 
+ER2( PR_FILESYSTEM_MOUNTED_ERROR,
 "Cannot delete or rename a file object while the file system is busy." )
-ER2( PR_NOT_SAME_DEVICE_ERROR,  
+ER2( PR_NOT_SAME_DEVICE_ERROR, 
 "Cannot rename a file to a file system on another device." )
-ER2( PR_DIRECTORY_CORRUPTED_ERROR, 
+ER2( PR_DIRECTORY_CORRUPTED_ERROR,
 "The directory object in the file system is corrupted." )
-ER2( PR_FILE_EXISTS_ERROR,      
+ER2( PR_FILE_EXISTS_ERROR, 
 "Cannot create or rename a filename that already exists." )
-ER2( PR_MAX_DIRECTORY_ENTRIES_ERROR, 
+ER2( PR_MAX_DIRECTORY_ENTRIES_ERROR,
 "Directory is full.  No additional filenames may be added." )
-ER2( PR_INVALID_DEVICE_STATE_ERROR, 
+ER2( PR_INVALID_DEVICE_STATE_ERROR,
 "The required device was in an invalid state." )
 ER2( PR_DEVICE_IS_LOCKED_ERROR, "The device is locked." )

trunk/src/common/SECerrs.h

@@ -148 +148 @@
 ER3(SEC_ERROR_CA_CERT_INVALID,                  (SEC_ERROR_BASE + 36),
 "Issuer certificate is invalid.")
-   
+
 ER3(SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID,      (SEC_ERROR_BASE + 37),
 "Certificate path length constraint is invalid.")
@@ -376 +376 @@
 ER3(SEC_ERROR_OLD_KRL,                          (SEC_ERROR_BASE + 110),
 "New KRL is not later than the current one.")
- 
+
 ER3(SEC_ERROR_CKL_CONFLICT,                     (SEC_ERROR_BASE + 111),
 "New CKL has different issuer than current CKL.  Delete current CKL.")

trunk/src/common/algorithm.c

@@ -28 +28 @@
 ALGORITHM_TYPE Alg_get_alg_from_string(const char *hashString)
 {
-    /* sigh, we don't have any string to out conversion 
+    /* sigh, we don't have any string to out conversion
      * it would be nice to at least search the oid table by
      * description */

trunk/src/common/base64.h

@@ -1 +1 @@
 /*
- * BASE64 Encoding funtions 
+ * BASE64 Encoding funtions
  * Copyright (C) 2001, 2002  Juha Yrj\uffffl\uffff <juha.yrjola@iki.fi>
  * Copyright (C) 2003-2004 Mario Strasser <mast@gmx.net>

trunk/src/common/cert_info.c

@@ -36 +36 @@
 /*
  * NSS dynamic oid support.
- *  NSS is able to understand new oid tags provided by the application, 
+ *  NSS is able to understand new oid tags provided by the application,
  *  including
  *  understanding new cert extensions that NSS previously did not understand.
@@ -46 +46 @@
 SECOidTag CERT_KerberosPN_OID = SEC_OID_UNKNOWN;
 static const unsigned char kerberosOID[] =  { 0x2b, 0x6, 0x1, 0x5, 0x2, 0x2 };
-static const SECOidData kerberosPN_Entry = 
-       { TO_ITEM(kerberosOID), SEC_OID_UNKNOWN, 
+static const SECOidData kerberosPN_Entry =
+       { TO_ITEM(kerberosOID), SEC_OID_UNKNOWN,
        "Kerberos Priniciple", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION };
 
 SECOidTag CERT_MicrosoftUPN_OID = SEC_OID_UNKNOWN;
 /* { 1.3.6.1.4.1.311 } */
-static const unsigned char microsoftUPNOID[] =  
+static const unsigned char microsoftUPNOID[] =
         { 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37, 0x14, 0x2, 0x3 };
-static const SECOidData microsoftUPN_Entry = 
-        { TO_ITEM(microsoftUPNOID), SEC_OID_UNKNOWN, 
-        "Microsoft Universal Priniciple", CKM_INVALID_MECHANISM, 
+static const SECOidData microsoftUPN_Entry =
+        { TO_ITEM(microsoftUPNOID), SEC_OID_UNKNOWN,
+        "Microsoft Universal Priniciple", CKM_INVALID_MECHANISM,
         INVALID_CERT_EXTENSION };
 
@@ -148 +148 @@
         goto no_upn;
     }
-    
+
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (!arena) {
@@ -252 +252 @@
       if ( !algorithm ) {
         DBG("Must specify digest algorithm");
-        return NULL;            
+        return NULL;
       }
       return cert_info_digest(x509,algorithm);
@@ -431 +431 @@
                 if (OBJ_cmp(name->d.otherName->type_id, krb5PrincipalName)) continue; /* object is not a UPN */
                 else {
-                    /* NOTE: 
+                    /* NOTE:
                     from PKINIT RFC, I deduce that stored format for kerberos
                     Principal Name is ASN1_STRING, but not sure at 100%
@@ -613 +613 @@
         }
         pt=key2pem(pubk);
-        if (!pt) { 
+        if (!pt) {
             DBG("key2pem() failed");
             EVP_PKEY_free(pubk);
@@ -630 +630 @@
         *pt++= (n&0x0000ff00) >>8;
         *pt++= (n&0x000000ff) >>0;
-        return 4;       
+        return 4;
 }
 
@@ -696 +696 @@
                         res= BN_append(pt, pubk->pkey.dsa->pub_key); pt+=res;
                         break;
-                case EVP_PKEY_RSA: 
+                case EVP_PKEY_RSA:
                         if (!pubk->pkey.rsa) {
                                 DBG("No data for public RSA key");
@@ -702 +702 @@
                         }
                         /* dump key into a byte array */
-                        type="ssh-rsa"; 
+                        type="ssh-rsa";
                         res= int_append(pt,strlen(type)); pt+=res;
                         res= str_append(pt,type,strlen(type)); pt+=res;
@@ -826 +826 @@
 
         len = i2c_ASN1_INTEGER(serial, NULL);
-        
+
         if (len < 0) {
                 return NULL;
@@ -883 +883 @@
                 if ( !algorithm ) {
                     DBG("Must specify digest algorithm");
-                    return NULL;                
+                    return NULL;
                 }
                 return cert_info_digest(x509,algorithm);

trunk/src/common/cert_info.h

@@ -23 +23 @@
 
 /** Certificate Common Name */
-#define CERT_CN         1       
+#define CERT_CN         1
 /** Certificate subject */
 #define CERT_SUBJECT    2
 /** Kerberos principal name */
-#define CERT_KPN        3       
+#define CERT_KPN        3
 /** Certificate e-mail */
-#define CERT_EMAIL      4       
+#define CERT_EMAIL      4
 /** Microsoft's Universal Principal Name */
-#define CERT_UPN        5       
+#define CERT_UPN        5
 /** Certificate Unique Identifier */
-#define CERT_UID        6       
+#define CERT_UID        6
 /** Certificate Public Key (PEM Format)*/
-#define CERT_PUK        7       
+#define CERT_PUK        7
 /** Certificate Digest */
-#define CERT_DIGEST     8       
+#define CERT_DIGEST     8
 /** Certificate Public key in OpenSSH format */
-#define CERT_SSHPUK     9       
+#define CERT_SSHPUK     9
 /** Certificate in PEM format */
-#define CERT_PEM        10      
+#define CERT_PEM        10
 /** Certificate issuer */
 #define CERT_ISSUER     11
@@ -52 +52 @@
 #define CERT_INFO_SIZE 16
 /** Max number of entries to find from certificate */
-#define CERT_INFO_MAX_ENTRIES ( CERT_INFO_SIZE - 1 ) 
+#define CERT_INFO_MAX_ENTRIES ( CERT_INFO_SIZE - 1 )
 
 #ifndef __CERT_INFO_C_

trunk/src/common/cert_vfy.c

@@ -71 +71 @@
 }
 
-#else 
+#else
 
 #define __CERT_VFY_C_
@@ -255 +255 @@
             DBG1("downloading crl from %s", name->d.ia5->data);
             crl = download_crl((const char *)name->d.ia5->data);
-            
+
             /*crl = download_crl("file:///home/mario/projects/pkcs11_login/tests/ca_crl_0.pem"); */
             /*crl = download_crl("http://www-t.zhwin.ch/ca/root_ca.crl"); */
@@ -394 +394 @@
 
 /*
-* @return -1 on error, 0 on verify failed, 1 on verify sucess 
+* @return -1 on error, 0 on verify failed, 1 on verify sucess
 */
 int verify_certificate(X509 * x509, cert_policy *policy)
@@ -429 +429 @@
   if (rv != 1) {
     X509_STORE_CTX_free(ctx);
-    X509_STORE_free(store); 
+    X509_STORE_free(store);
     set_error("certificate is invalid: %s", X509_verify_cert_error_string(ctx->error));
-    return 0;  
+    return 0;
   } else {
     DBG("certificate is valid");

trunk/src/common/cert_vfy.h

@@ -30 +30 @@
 #include "cert_st.h"
 
-typedef enum { 
+typedef enum {
         /** Do not perform any CRL verification */
-        CRLP_NONE, 
+        CRLP_NONE,
         /** Retrieve CRL from CA site */
-        CRLP_ONLINE, 
+        CRLP_ONLINE,
         /** Retrieve CRL from local filesystem */
         CRLP_OFFLINE,
         /** Try CRL check online, else ofline, else fail */
-        CRLP_AUTO 
+        CRLP_AUTO
         } crl_policy_t;
 
-typedef enum { 
-        OCSP_NONE, 
-        OCSP_ON 
+typedef enum {
+        OCSP_NONE,
+        OCSP_ON
         } ocsp_policy_t;
 

trunk/src/common/debug.c

@@ -1 @@
-/* 
+/*
  * PKCS #11 PAM Login Module
  * Copyright (C) 2003 Mario Strasser <mast@gmx.net>,
@@ -60 +60 @@
       vsnprintf(buf, sizeof(buf), format, ap);
       va_end(ap);
-      
+
       syslog(LOG_INFO, buf);
     }

trunk/src/common/debug.h

@@ -63 +63 @@
 #ifndef __DEBUG_C_
 #define DEBUG_EXTERN extern
-#else 
+#else
 #define DEBUG_EXTERN
 #endif
@@ -80 +80 @@
 
 /**
- * debug_print() prints the given message 
+ * debug_print() prints the given message
 
- * if the current debug-level 
+ * if the current debug-level
  * is greater or equal to the defined level. The format string as well as all
- * further arguments are interpreted as by the printf() function. 
+ * further arguments are interpreted as by the printf() function.
  *@param level Debug level of message
  *@param file Name of the file where message is generated

trunk/src/common/error.h

@@ -31 +31 @@
 
 /** Default error message buffer size */
-#define ERROR_BUFFER_SIZE 512 
+#define ERROR_BUFFER_SIZE 512
 
 #ifndef __ERROR_C_

trunk/src/common/pkcs11_lib.c

@@ -213 +213 @@
 
 
-static SECMODModule *find_module_by_library(char *pkcs11_module) 
+static SECMODModule *find_module_by_library(char *pkcs11_module)
 {
   SECMODModule *module = NULL;
@@ -236 +236 @@
  * NSS allows you to load a specific module. If the user specified a module
  * to load, load it, otherwize select on of the standard modules from the
- * secmod.db list. 
+ * secmod.db list.
  */
 int load_pkcs11_module(char *pkcs11_module, pkcs11_handle_t **hp)
@@ -261 +261 @@
   }
 
-  /* specified module is not already loaded, load it now */     
+  /* specified module is not already loaded, load it now */
   moduleSpec = (char *)malloc(sizeof(SPEC_TEMPLATE) + strlen(pkcs11_module));
   if (!moduleSpec) {
@@ -298 +298 @@
   int i;
 
-  /* if module is null, 
+  /* if module is null,
    * any of the PKCS #11 modules specified in the system config
    * is available, find one */
@@ -364 +364 @@
  * slot is ok.
  */
-int find_slot_by_number_and_label(pkcs11_handle_t *h, 
+int find_slot_by_number_and_label(pkcs11_handle_t *h,
                                   int wanted_slot_id,
                                   const char *wanted_token_label,
@@ -385 +385 @@
     token_label = PK11_GetTokenName(h->slot);
 
-    if ((token_label != NULL) && 
+    if ((token_label != NULL) &&
         (strcmp (wanted_token_label, token_label) == 0)) {
       return 0;
@@ -413 +413 @@
 }
 
-int wait_for_token(pkcs11_handle_t *h, 
+int wait_for_token(pkcs11_handle_t *h,
                    int wanted_slot_id,
                    const char *wanted_token_label,
@@ -450 +450 @@
 }
 
-/* 
+/*
  * This function will search the slot list to find a slot based on the slot
  * label.  If the wanted_slot_label is "none", then we will return the first
  * slot with the token presented.
- * 
+ *
  * This function return 0 if it found a matching slot; otherwise, it returns
  * -1.
@@ -481 +481 @@
 
         slot = PK11_ReferenceSlot(module->slots[i]);
-        slot_label = PK11_GetSlotName(slot);    
+        slot_label = PK11_GetSlotName(slot);
         if (memcmp_pad_max((void *)slot_label, strlen(slot_label),
             (void *)wanted_slot_label, strlen(wanted_slot_label), 64) == 0) {
@@ -509 +509 @@
     return (-1);
 
-  if (wanted_token_label == NULL){ 
+  if (wanted_token_label == NULL){
     rv = find_slot_by_slotlabel(h, wanted_slot_label, slot_num);
     return (rv);
@@ -515 +515 @@
 
   /* wanted_token_label != NULL */
-  if (strcmp(wanted_slot_label, "none") == 0) { 
+  if (strcmp(wanted_slot_label, "none") == 0) {
     for (i = 0; i < module->slotCount; i++) {
       if (module->slots[i] && PK11_IsPresent(module->slots[i])) {
@@ -554 +554 @@
 }
 
-int wait_for_token_by_slotlabel(pkcs11_handle_t *h, 
+int wait_for_token_by_slotlabel(pkcs11_handle_t *h,
                    const char *wanted_slot_label,
                    const char *wanted_token_label,
@@ -566 +566 @@
     rv = find_slot_by_slotlabel_and_tokenlabel (h, wanted_slot_label,
         wanted_token_label, slot_num);
-  
+
     if (rv !=  0) {
       PK11SlotInfo *slot;
@@ -593 +593 @@
 
 
-void release_pkcs11_module(pkcs11_handle_t *h) 
+void release_pkcs11_module(pkcs11_handle_t *h)
 {
   SECStatus rv;
@@ -715 +715 @@
   if (rv != SECSuccess) {
       CERT_DestroyCertList(certList);
-      DBG1("Couldn't filter out email certs: %s", 
+      DBG1("Couldn't filter out email certs: %s",
                                 SECU_Strerror(PR_GetError()));
       return NULL;
@@ -729 +729 @@
 
   /* convert the link list from NSS to the array used by pam_pkcs11 */
-  for (node = CERT_LIST_HEAD(certList); !CERT_LIST_END(node,certList); 
+  for (node = CERT_LIST_HEAD(certList); !CERT_LIST_END(node,certList);
                                                 node = CERT_LIST_NEXT(node)) {
         if (node->cert) {
@@ -749 +749 @@
   }
 
-  for (node = CERT_LIST_HEAD(certList); !CERT_LIST_END(node,certList); 
+  for (node = CERT_LIST_HEAD(certList); !CERT_LIST_END(node,certList);
                                          node = CERT_LIST_NEXT(node)) {
     if (node->cert) {
@@ -812 +812 @@
 }
 
-int get_random_value(unsigned char *data, int length) 
+int get_random_value(unsigned char *data, int length)
 {
   SECStatus rv = PK11_GenerateRandom(data,length);
@@ -848 +848 @@
  */
 const char *
-SECU_Strerror(PRErrorCode errNum) 
+SECU_Strerror(PRErrorCode errNum)
 {
   PRInt32 low  = 0;
@@ -864 +864 @@
       num = errStrings[i].errNum;
       if (num <= lastNum) {
-        fprintf(stderr, 
+        fprintf(stderr,
                 "sequence error in error strings at item %d\n"
                 "error %d (%s)\n"
                 "should come after \n"
                 "error %d (%s)\n",
-                i, lastNum, errStrings[i-1].errString, 
+                i, lastNum, errStrings[i-1].errString,
                 num, errStrings[i].errString);
       }
@@ -881 +881 @@
     i = (low + high) / 2;
     num = errStrings[i].errNum;
-    if (errNum == num) 
+    if (errNum == num)
       return errStrings[i].errString;
     if (errNum < num)
       high = i;
-    else 
+    else
       low = i;
   }
@@ -949 +949 @@
   DBG1("PKCS #11 module = [%s]", module);
   /* reset pkcs #11 handle */
-  
+
   h = (pkcs11_handle_t *)calloc(sizeof(pkcs11_handle_t), 1);
   if (h == NULL) {
@@ -1049 +1049 @@
   CK_INFO info;
   CK_C_INITIALIZE_ARGS initArgs;
-  /* 
-   Set up arguments to allow native threads 
+  /*
+   Set up arguments to allow native threads
    According with pkcs#11v2.20, must set all pointers to null
    and flags CKF_OS_LOCKING_OK
@@ -1141 +1141 @@
    /* zero means find the best slot */
    if (slot_num == 0) {
-        for (slot_num = 0; slot_num < h->slot_count && 
+        for (slot_num = 0; slot_num < h->slot_count &&
                                 !h->slots[slot_num].token_present; slot_num++);
    } else {
@@ -1154 +1154 @@
    return 0;
 }
-        
-int find_slot_by_number_and_label(pkcs11_handle_t *h, 
+
+int find_slot_by_number_and_label(pkcs11_handle_t *h,
                                   int wanted_slot_id,
                                   const char *wanted_token_label,
@@ -1176 +1176 @@
     token_label = h->slots[*slot_num].label;
 
-    if ((token_label != NULL) && 
+    if ((token_label != NULL) &&
         (strcmp (wanted_token_label, token_label) == 0)) {
       return 0;
@@ -1187 +1187 @@
     if (h->slots[slot_index].token_present) {
       token_label = h->slots[slot_index].label;
-      if ((token_label != NULL) && 
+      if ((token_label != NULL) &&
           (strcmp (wanted_token_label, token_label) == 0)) {
         *slot_num = slot_index;
@@ -1198 +1198 @@
 
 
-/* 
+/*
  * This function will search the slot list to find a slot based on the slot
  * label.  If the wanted_slot_label is "none", then we will return the first
  * slot with the token presented.
- * 
+ *
  * This function return 0 if it found a matching slot; otherwise, it returns
  * -1.
@@ -1257 +1257 @@
 
   /* wanted_token_label != NULL */
-  if (strcmp(wanted_slot_label, "none") == 0) { 
+  if (strcmp(wanted_slot_label, "none") == 0) {
     for (i= 0; i < h->slot_count; i++) {
       if (h->slots[i].token_present &&
@@ -1286 +1286 @@
 }
 
-int wait_for_token_by_slotlabel(pkcs11_handle_t *h, 
+int wait_for_token_by_slotlabel(pkcs11_handle_t *h,
                    const char *wanted_slot_label,
                    const char *wanted_token_label,
@@ -1309 +1309 @@
 }
 
-int wait_for_token(pkcs11_handle_t *h, 
+int wait_for_token(pkcs11_handle_t *h,
                    int wanted_slot_id,
                    const char *wanted_token_label,
@@ -1340 +1340 @@
     set_error("invalid slot number %d", slot);
     return -1;
-  } 
+  }
   /* open a readonly user-session */
   rv = h->fl->C_OpenSession(h->slots[slot].id, CKF_SERIAL_SESSION, NULL, NULL, &h->session);
@@ -1408 +1408 @@
 
 /* get a list of certificates */
-cert_object_t **get_certificate_list(pkcs11_handle_t *h, int *ncerts) 
+cert_object_t **get_certificate_list(pkcs11_handle_t *h, int *ncerts)
 {
   CK_BYTE *id_value;
@@ -1417 +1417 @@
   cert_object_t **certs = NULL;
   int rv;
-  
+
   CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE;
   CK_CERTIFICATE_TYPE cert_type = CKC_X_509;
@@ -1640 +1640 @@
 }
 
-int sign_value(pkcs11_handle_t *h, cert_object_t *cert, CK_BYTE *data, 
+int sign_value(pkcs11_handle_t *h, cert_object_t *cert, CK_BYTE *data,
         CK_ULONG length, CK_BYTE **signature, CK_ULONG *signature_length)
 {
@@ -1652 +1652 @@
     set_error("Couldn't find private key for certificate");
     return -1;
-  } 
+  }
 
   /* set mechanism */

trunk/src/common/pkcs11_lib.h

@@ -25 +25 @@
 #ifndef __PKCS11_LIB_C__
 #define PKCS11_EXTERN extern
-#else 
+#else
 #define PKCS11_EXTERN
 #endif
@@ -39 +39 @@
 PKCS11_EXTERN const char *get_slot_tokenlabel(pkcs11_handle_t *h);
 PKCS11_EXTERN int wait_for_token(pkcs11_handle_t *h,
-                                 int wanted_slot_num, 
+                                 int wanted_slot_num,
                                  const char *wanted_token_label,
                                  unsigned int *slot);
@@ -50 +50 @@
                                  unsigned int *slot);
 PKCS11_EXTERN int wait_for_token_by_slotlabel(pkcs11_handle_t *h,
-                                 const char *wanted_slot_label, 
+                                 const char *wanted_slot_label,
                                  const char *wanted_token_label,
                                  unsigned int *slot);
@@ -59 +59 @@
 PKCS11_EXTERN int pkcs11_login(pkcs11_handle_t *h, char *password);
 PKCS11_EXTERN int pkcs11_pass_login(pkcs11_handle_t *h, int nullok);
-PKCS11_EXTERN cert_object_t **get_certificate_list(pkcs11_handle_t *h, 
+PKCS11_EXTERN cert_object_t **get_certificate_list(pkcs11_handle_t *h,
                                                   int *ncert);
 PKCS11_EXTERN int get_private_key(pkcs11_handle_t *h, cert_object_t *);

trunk/src/common/rsaref/PKCS11_README

@@ -4 +4 @@
 
 License to copy and use this software is granted provided that it is identified
-as "RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki)" 
-in all material mentioning or referencing this software or this function. 
+as "RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki)"
+in all material mentioning or referencing this software or this function.
 
 License is also granted to make and use derivative works provided that such
 works are identified as "derived from the RSA Security Inc. PKCS #11
 Cryptographic Token Interface (Cryptoki)" in all material mentioning or
-referencing the derived work.  
+referencing the derived work.
 
 This software is provided AS IS and RSA Security, Inc. disclaims all warranties

trunk/src/common/rsaref/pkcs11.h

@@ -42 +42 @@
  * License is also granted to make and use derivative works provided that
  * such works are identified as "derived from the RSA Security Inc. PKCS #11
- * Cryptographic Token Interface (Cryptoki)" in all material mentioning or 
+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
  * referencing the derived work.
 
- * RSA Security Inc. makes no representations concerning either the 
+ * RSA Security Inc. makes no representations concerning either the
  * merchantability of this software or the suitability of this software for
  * any particular purpose. It is provided "as is" without express or implied

trunk/src/common/rsaref/pkcs11f.h

@@ -8 +8 @@
  * License is also granted to make and use derivative works provided that
  * such works are identified as "derived from the RSA Security Inc. PKCS #11
- * Cryptographic Token Interface (Cryptoki)" in all material mentioning or 
+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
  * referencing the derived work.
 
- * RSA Security Inc. makes no representations concerning either the 
+ * RSA Security Inc. makes no representations concerning either the
  * merchantability of this software or the suitability of this software for
  * any particular purpose. It is provided "as is" without express or implied
@@ -521 +521 @@
 
 /* C_SignUpdate continues a multiple-part signature operation,
- * where the signature is (will be) an appendix to the data, 
+ * where the signature is (will be) an appendix to the data,
  * and plaintext cannot be recovered from the signature. */
 CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
@@ -532 +532 @@
 
 
-/* C_SignFinal finishes a multiple-part signature operation, 
+/* C_SignFinal finishes a multiple-part signature operation,
  * returning the signature. */
 CK_PKCS11_FUNCTION_INFO(C_SignFinal)
@@ -582 +582 @@
 
 
-/* C_Verify verifies a signature in a single-part operation, 
+/* C_Verify verifies a signature in a single-part operation,
  * where the signature is an appendix to the data, and plaintext
  * cannot be recovered from the signature. */
@@ -597 +597 @@
 
 /* C_VerifyUpdate continues a multiple-part verification
- * operation, where the signature is an appendix to the data, 
+ * operation, where the signature is an appendix to the data,
  * and plaintext cannot be recovered from the signature. */
 CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
@@ -714 +714 @@
 
 
-/* C_GenerateKeyPair generates a public-key/private-key pair, 
+/* C_GenerateKeyPair generates a public-key/private-key pair,
  * creating new key objects. */
 CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)

trunk/src/common/rsaref/pkcs11t.h

@@ -8 +8 @@
  * License is also granted to make and use derivative works provided that
  * such works are identified as "derived from the RSA Security Inc. PKCS #11
- * Cryptographic Token Interface (Cryptoki)" in all material mentioning or 
+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
  * referencing the derived work.
 
- * RSA Security Inc. makes no representations concerning either the 
+ * RSA Security Inc. makes no representations concerning either the
  * merchantability of this software or the suitability of this software for
  * any particular purpose. It is provided "as is" without express or implied
@@ -171 +171 @@
 
 /* The flags parameter is defined as follows:
- *      Bit Flag                    Mask        Meaning 
+ *      Bit Flag                    Mask        Meaning
  */
 #define CKF_RNG                     0x00000001  /* has random #
@@ -207 +207 @@
 
 /* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the
- * token has been initialized using C_InitializeToken or an 
+ * token has been initialized using C_InitializeToken or an
  * equivalent mechanism outside the scope of PKCS #11.
- * Calling C_InitializeToken when this flag is set will cause 
+ * Calling C_InitializeToken when this flag is set will cause
  * the token to be reinitialized. */
 #define CKF_TOKEN_INITIALIZED       0x00000400
 
-/* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is 
- * true, the token supports secondary authentication for 
+/* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is
+ * true, the token supports secondary authentication for
  * private key objects. */
 #define CKF_SECONDARY_AUTHENTICATION  0x00000800
 
-/* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an 
- * incorrect user login PIN has been entered at least once 
+/* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an
+ * incorrect user login PIN has been entered at least once
  * since the last successful authentication. */
 #define CKF_USER_PIN_COUNT_LOW       0x00010000
@@ -227 +227 @@
 #define CKF_USER_PIN_FINAL_TRY       0x00020000
 
-/* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the 
- * user PIN has been locked. User login to the token is not 
+/* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the
+ * user PIN has been locked. User login to the token is not
  * possible. */
 #define CKF_USER_PIN_LOCKED          0x00040000
 
-/* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true, 
- * the user PIN value is the default value set by token 
+/* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
+ * the user PIN value is the default value set by token
  * initialization or manufacturing, or the PIN has been
  * expired by the card. */
 #define CKF_USER_PIN_TO_BE_CHANGED   0x00080000
 
-/* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an 
- * incorrect SO login PIN has been entered at least once since 
+/* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an
+ * incorrect SO login PIN has been entered at least once since
  * the last successful authentication. */
 #define CKF_SO_PIN_COUNT_LOW         0x00100000
@@ -247 +247 @@
 #define CKF_SO_PIN_FINAL_TRY         0x00200000
 
-/* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO 
+/* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO
  * PIN has been locked. SO login to the token is not possible.
  */
 #define CKF_SO_PIN_LOCKED            0x00400000
 
-/* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true, 
- * the SO PIN value is the default value set by token 
+/* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
+ * the SO PIN value is the default value set by token
  * initialization or manufacturing, or the PIN has been
  * expired by the card. */
@@ -421 +421 @@
 #define CKA_SERIAL_NUMBER      0x00000082
 
-/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new 
+/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new
  * for v2.10 */
 #define CKA_AC_ISSUER          0x00000083
@@ -487 +487 @@
 #define CKA_EC_POINT           0x00000181
 
-/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS, 
+/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
  * CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET
  * are new for v2.10 */
@@ -622 +622 @@
 #define CKM_SHA_1_HMAC_GENERAL         0x00000222
 
-/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC, 
+/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC,
  * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC,
  * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */
@@ -1040 +1040 @@
 #define CKF_DONT_BLOCK     1
 
-/* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10. 
- * CK_RSA_PKCS_OAEP_MGF_TYPE  is used to indicate the Message 
- * Generation Function (MGF) applied to a message block when 
- * formatting a message block for the PKCS #1 OAEP encryption 
+/* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10.
+ * CK_RSA_PKCS_OAEP_MGF_TYPE  is used to indicate the Message
+ * Generation Function (MGF) applied to a message block when
+ * formatting a message block for the PKCS #1 OAEP encryption
  * scheme. */
 typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;
@@ -1052 +1052 @@
 #define CKG_MGF1_SHA1         0x00000001
 
-/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10. 
+/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10.
  * CK_RSA_PKCS_OAEP_SOURCE_TYPE  is used to indicate the source
- * of the encoding parameter when formatting a message block 
+ * of the encoding parameter when formatting a message block
  * for the PKCS #1 OAEP encryption scheme. */
 typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;
@@ -1064 +1064 @@
 
 /* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10.
- * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the 
+ * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the
  * CKM_RSA_PKCS_OAEP mechanism. */
 typedef struct CK_RSA_PKCS_OAEP_PARAMS {
@@ -1127 +1127 @@
 typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR;
 
-/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the 
+/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
  * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */
 typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;
@@ -1138 +1138 @@
 
 /* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11.
- * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the 
+ * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the
  * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party
  * contributes one key pair */
@@ -1152 +1152 @@
 
 /* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11.
- * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the 
+ * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the
  * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation
  * mechanisms, where each party contributes two key pairs */
@@ -1386 +1386 @@
 
 /* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10.
- * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to 
- * indicate the Pseudo-Random Function (PRF) used to generate 
+ * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
+ * indicate the Pseudo-Random Function (PRF) used to generate
  * key bits using PKCS #5 PBKDF2. */
 typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE;
@@ -1399 +1399 @@
 
 /* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10.
- * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the 
- * source of the salt value when deriving a key using PKCS #5 
+ * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
+ * source of the salt value when deriving a key using PKCS #5
  * PBKDF2. */
 typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;
@@ -1410 +1410 @@
 
 /* CK_PKCS5_PBKD2_PARAMS is new for v2.10.
- * CK_PKCS5_PBKD2_PARAMS is a structure that provides the 
+ * CK_PKCS5_PBKD2_PARAMS is a structure that provides the
  * parameters to the CKM_PKCS5_PBKD2 mechanism. */
 typedef struct CK_PKCS5_PBKD2_PARAMS {

trunk/src/common/secutil.h

@@ -69 +69 @@
 
 #ifdef SECUTIL_NEW
-typedef int (*SECU_PPFunc)(PRFileDesc *out, SECItem *item, 
+typedef int (*SECU_PPFunc)(PRFileDesc *out, SECItem *item,
                            char *msg, int level);
 #else
@@ -102 +102 @@
 
 /*
-** Blind check of a password. Complement to SEC_CheckPassword which 
+** Blind check of a password. Complement to SEC_CheckPassword which
 ** ignores length and content type, just retuning DSTrue is the password
 ** exists, DSFalse if NULL
@@ -144 +144 @@
 
 /*
-** Should be called once during initialization to set the default 
+** Should be called once during initialization to set the default
 **    directory for looking for cert.db, key.db, and cert-nameidx.db files
-** Removes trailing '/' in 'base' 
+** Removes trailing '/' in 'base'
 ** If 'base' is NULL, defaults to set to .netscape in home directory.
 */
 extern char *SECU_ConfigDirectory(const char* base);
 
-/* 
+/*
 ** Basic callback function for SSL_GetClientAuthDataHook
 */
@@ -171 +171 @@
 /* print information about cert verification failure */
 extern void
-SECU_printCertProblems(FILE *outfile, CERTCertDBHandle *handle, 
-        CERTCertificate *cert, PRBool checksig, 
+SECU_printCertProblems(FILE *outfile, CERTCertDBHandle *handle,
+        CERTCertificate *cert, PRBool checksig,
         SECCertificateUsage certUsage, void *pinArg, PRBool verbose);
 
@@ -180 +180 @@
 
 /* Read in a DER from a file, may be ascii  */
-extern SECStatus 
+extern SECStatus
 SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii);
 
@@ -229 +229 @@
 /* Dump all certificate nicknames in a database */
 extern SECStatus
-SECU_PrintCertificateNames(CERTCertDBHandle *handle, PRFileDesc* out, 
+SECU_PrintCertificateNames(CERTCertDBHandle *handle, PRFileDesc* out,
                            PRBool sortByName, PRBool sortByTrust);
 
@@ -258 +258 @@
 
 /* Pretty-print any PKCS7 thing */
-extern int SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m, 
+extern int SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m,
                                       int level);
 
@@ -319 +319 @@
 ** encodes the result.
 **      "arena" is the memory arena to use to allocate data from
-**      "sd" returned CERTSignedData 
+**      "sd" returned CERTSignedData
 **      "result" the final der encoded data (memory is allocated)
 **      "buf" the input data to sign
@@ -365 +365 @@
 
 /* Encodes and adds extensions to the CRL or CRL entries. */
-SECStatus 
-SECU_EncodeAndAddExtensionValue(PRArenaPool *arena, void *extHandle, 
-                                void *value, PRBool criticality, int extenType, 
+SECStatus
+SECU_EncodeAndAddExtensionValue(PRArenaPool *arena, void *extHandle,
+                                void *value, PRBool criticality, int extenType,
                                 EXTEN_EXT_VALUE_ENCODER EncodeValueFn);
 
@@ -373 +373 @@
 /*
  *
- *  Utilities for parsing security tools command lines 
+ *  Utilities for parsing security tools command lines
  *
  */
@@ -396 +396 @@
 
 /*  fill the "arg" and "activated" fields for each flag  */
-SECStatus 
+SECStatus
 SECU_ParseCommandLine(int argc, char **argv, char *progName, secuCommand *cmd);
 char *

trunk/src/common/strings.h

@@ -84 +84 @@
 
 /**
- * Convert a colon-separated hexadecimal data into a byte array, 
+ * Convert a colon-separated hexadecimal data into a byte array,
  * store result into a previously allocated space
  *@param str String to be parsed
@@ -108 +108 @@
  * using dest as pre-allocated destination memory for the resulting array
  *
- * To free() memory used by this call, just call free result pointer 
+ * To free() memory used by this call, just call free result pointer
  *@param str String to be parsed
  *@param sep Character to be used as separator
@@ -118 +118 @@
 
 /**
- * Remove all extra spaces from a string. 
+ * Remove all extra spaces from a string.
  * a char is considered space if trues isspace()
  *

trunk/src/common/uri.c

@@ -27 +27 @@
 #include "strings.h"
 
-static const char *valid_urls[]= 
+static const char *valid_urls[]=
                 {"file:///","http://","https://","ftp://","ldap://",NULL};
-/* 
-comodity functions 
+/*
+comodity functions
 Analize provided pathname and check type
 Returns 1 on true, 0 on false, -1 on error

trunk/src/mappers/cn_mapper.c

@@ -42 +42 @@
 /*
 * This mapper uses the common name (CN) entry on the certificate to
-* find user name. 
+* find user name.
 * When a mapfile is specified, try to map CN entry to a user login
 */

trunk/src/mappers/cn_mapper.h

@@ -43 +43 @@
 /* end of static (if any) declarations */
 #endif
-        
+
 /* End of cn_mapper.h */
 #endif

trunk/src/mappers/digest_mapper.c

@@ -110 +110 @@
         mapper_module *pt;
         const char *hash_alg_string = NULL;
-        if (blk) { 
+        if (blk) {
         debug = scconf_get_bool( blk,"debug",0);
         hash_alg_string = scconf_get_str( blk,"algorithm","sha1");

trunk/src/mappers/digest_mapper.h

@@ -43 +43 @@
 /* end of static (if any) declarations */
 #endif
-        
+
 /* End of digest_mapper.h */
 #endif

trunk/src/mappers/generic_mapper.c

@@ -52 +52 @@
                 return NULL;
         }
-        return cert_info(x509, id_type, ALGORITHM_NULL); 
+        return cert_info(x509, id_type, ALGORITHM_NULL);
 }
 
@@ -131 +131 @@
             DBG2("Trying to match generic_mapped entry '%s' with login '%s'",str,login);
             if (ignorecase) {
-                if (! strcasecmp(str,login) ) return 1; 
+                if (! strcasecmp(str,login) ) return 1;
             } else {
-                if (! strcmp(str,login) ) return 1; 
+                if (! strcmp(str,login) ) return 1;
             }
         }
@@ -167 +167 @@
         mapper_module *pt;
         const char *item="cn";
-        if (blk) { 
+        if (blk) {
         debug = scconf_get_bool( blk,"debug",0);
         ignorecase = scconf_get_bool( blk,"ignorecase",0);
@@ -173 +173 @@
         mapfile= scconf_get_str(blk,"mapfile",mapfile);
         item= scconf_get_str(blk,"cert_item","cn");
-        } else { 
+        } else {
                 /* should not occurs, but... */
                 DBG1("No block declaration for mapper '%s'",name);

trunk/src/mappers/generic_mapper.h

@@ -43 +43 @@
 /* end of static (if any) declarations */
 #endif
-        
+
 /* End of generic_mapper.h */
 #endif

trunk/src/mappers/krb_mapper.c

@@ -37 +37 @@
 
 /*
-* This mapper uses (if available) the optional Kerberos Principal Name 
+* This mapper uses (if available) the optional Kerberos Principal Name
 * entry on the certificate to find user name.
 */

trunk/src/mappers/krb_mapper.h

@@ -43 +43 @@
 /* end of static (if any) declarations */
 #endif
-        
+
 /* End of krb_mapper.h */
 #endif

trunk/src/mappers/ldap_mapper.c

@@ -64 +64 @@
 
 /*
- * TODO: 
+ * TODO:
  * - Support for SASL-AUTH not included yet, I can't test it
- *  
+ *
  * - ldap_unbind (*ld) crash if you connect to a SSL port but have set TLS intead SSL
  *   - no idea why!?
  *   - you got no error-massage from your application
  *   - believe skip ldap_unbind (*ld) for a bind handle isn't a good solution
- * 
+ *
  * - implement searchtimeout
  * - implement ignorecase
@@ -88 +88 @@
 #ifndef LDAPS_PORT
 #define LDAPS_PORT 636
-#endif 
+#endif
 
 
@@ -117 +117 @@
 static int tls_checkpeer=-1;
 static const char *tls_ciphers="";
-static const char *tls_cert=""; 
+static const char *tls_cert="";
 static const char *tls_key="";
 #endif
 
-static int ldapVersion = 3;             
+static int ldapVersion = 3;
 #ifdef HAVE_LDAP_SET_OPTION
 static int timeout = 8;                 /* 8 seconds */
@@ -128 +128 @@
 
 static const int sscope[] = {
-        LDAP_SCOPE_BASE, 
-        LDAP_SCOPE_ONELEVEL, 
+        LDAP_SCOPE_BASE,
+        LDAP_SCOPE_ONELEVEL,
         LDAP_SCOPE_SUBTREE};
 
@@ -141 +141 @@
         char uribuf[512];
         char *p;
-        
+
         DBG("do_init():");
 
@@ -174 +174 @@
     {
                 size_t urilen = (p - uri);
-                
+
                 if (urilen >= sizeof (uribuf))
                 {
                         return LDAP_UNAVAILABLE;
                 }
-                
+
                 memcpy (uribuf, uri, urilen);
                 uribuf[urilen] = '\0';
-                
+
                 ldapdefport = atoi (p + 1);
                 uri = uribuf;
@@ -205 +205 @@
 
 #if defined HAVE_LDAP_START_TLS_S || (defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS))
-/* 
+/*
  * Set the ssl option
  */
@@ -280 +280 @@
         if (strncmp(tls_cert,"",1))
     {
-            rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CERTFILE, 
+            rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CERTFILE,
                 tls_cert);
             if (rc != LDAP_SUCCESS)
@@ -292 +292 @@
         if (strncmp(tls_key,"",1))
         {
-                rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_KEYFILE, 
+                rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_KEYFILE,
                         tls_key);
                 if (rc != LDAP_SUCCESS)
@@ -314 +314 @@
 
         /*
-         * set timelimit in ld for select() call in ldap_pvt_connect() 
+         * set timelimit in ld for select() call in ldap_pvt_connect()
          * function implemented in libldap2's os-ip.c
          */
@@ -322 +322 @@
 DBG2("do_bind(): bind DN=\"%s\" pass=\"%s\"",binddn,passwd);
 
-        /* LDAPv3 doesn't need bind at all, 
+        /* LDAPv3 doesn't need bind at all,
          * nevertheless, if no binddn is given than bind anonymous */
         if ( ! strncmp(binddn,"",1) ) {
@@ -333 +333 @@
         {
 DBG("do_bind: rv < 0");
-                
+
 #if defined(HAVE_LDAP_GET_OPTION) && defined(LDAP_OPT_ERROR_NUMBER)
                 if (ldap_get_option (ldap_connection, LDAP_OPT_ERROR_NUMBER, &rc) !=
@@ -362 +362 @@
         {
 DBG("do_bind rc=0");
-                
+
                 ldap_abandon (ldap_connection, rv);
         }
@@ -376 +376 @@
 static int do_open (LDAP **ld, const char* uri, int defport, ldap_ssl_options_t ssl_on_local)
 {
-        
-#if defined(LDAP_OPT_NETWORK_TIMEOUT) || defined(HAVE_LDAP_START_TLS)   
+
+#if defined(LDAP_OPT_NETWORK_TIMEOUT) || defined(HAVE_LDAP_START_TLS)
         struct timeval tv;
 #endif
@@ -384 +384 @@
         LDAPMessage *res = NULL;
         int msgid;
-#endif  
+#endif
         int rc;
 
         rc = do_init (ld, uri, defport);
-        
+
         if (rc != LDAP_SUCCESS)
         {
@@ -533 +533 @@
                         return LDAP_UNAVAILABLE;
                 }
-#endif          
+#endif
     }
-        
+
         rc = do_bind (*ld, bind_timelimit);
         if (rc != LDAP_SUCCESS)
@@ -619 +619 @@
 
         /* Put the login to the %s in Filterstring */
-        snprintf(filter_str, sizeof(filter_str), filter, login); 
+        snprintf(filter_str, sizeof(filter_str), filter, login);
 
         DBG1("ldap_get_certificate(): filter_str = %s", filter_str);
-        
+
         /* parse and split URI config entry */
         buffer = uribuf;
@@ -637 +637 @@
                         if (q != NULL)
                                 *q = '\0';
-                        
+
                         if( strlen(p) > 1 ) /* SAW: don't add spaces */
                                 rv = ldap_add_uri (uris, p, &buffer, &buflen);
-                        
+
                         p = (q != NULL) ? ++q : NULL;
-                        
+
                         if (rv)
                                 break;
@@ -663 +663 @@
         {
                 /* No port specified in URI and non-default port specified */
-                snprintf (uri, sizeof (uri), "%s%s:%d", 
+                snprintf (uri, sizeof (uri), "%s%s:%d",
                        ssl_on == SSL_LDAPS ? "ldaps://" : "ldap://",
                        ldaphost, ldapport);
@@ -674 +674 @@
                 return(-1);
     }
-        
+
         /* Attempt to connect to specified URI in order until do_open succeed */
         start_uri = current_uri;
@@ -686 +686 @@
                         break;
                 current_uri++;
-                
+
                 if (uris[current_uri] == NULL)
                         current_uri = 0;
         }
         while (current_uri != start_uri);
-        
+
         if( rv != LDAP_SUCCESS )
         {
@@ -706 +706 @@
 
         rv = ldap_search_s(
-                                ldap_connection, 
-                                base, 
-                                sscope[scope], 
-                                filter_str, 
-                                attrs, 
-                                0, 
+                                ldap_connection,
+                                base,
+                                sscope[scope],
+                                filter_str,
+                                attrs,
+                                0,
                                 &res);
         if ( rv != LDAP_SUCCESS ) {
@@ -722 +722 @@
 
                 if( entries > 1 ) {
-                        DBG("!  Warning, more than one entry found. Please choose \"filter\" and"); 
+                        DBG("!  Warning, more than one entry found. Please choose \"filter\" and");
                         DBG("!  \"attribute\" in ldap mapper config section of your config,");
                         DBG("!  that only one entry with one attribute is matched");
@@ -728 +728 @@
                         DBG("!  entries in your LDAP server.");
                 }
-                                
-                /* Only first entry is used. "filter" and "attribute" 
+
+                /* Only first entry is used. "filter" and "attribute"
                  *  should be choosen, so that only one entry with
                  * one attribute is returned */
@@ -750 +750 @@
 
                 DBG1("number of user certificates = %d", certcnt);
-        
+
                 ldap_x509 = malloc(sizeof(X509*) * certcnt );
                 if (NULL == ldap_x509)
@@ -757 +757 @@
                         return(-7);
                 }
-                
+
                 rv = 0;
                 while(rv < certcnt )
@@ -766 +766 @@
                         if (NULL == ldap_x509[rv]) {
                                 DBG1("d2i_X509() failed for certificate %d", rv);
-                                free(ldap_x509);                                
+                                free(ldap_x509);
                                 certcnt=0;
                                 ldap_msgfree(res);
@@ -807 +807 @@
 
         ssltls =  scconf_get_str(blk,"ssl","off");
-        if (! strncasecmp (ssltls, "tls", 3)) 
+        if (! strncasecmp (ssltls, "tls", 3))
                 ssl_on = SSL_START_TLS;
         else if( ! strncasecmp (ssltls, "on", 2))
@@ -813 +813 @@
         else if( ! strncasecmp (ssltls, "ssl", 3))
                 ssl_on = SSL_LDAPS;
-                
+
 #if defined HAVE_LDAP_START_TLS_S || (defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS))
         /* TLS specific options */
@@ -821 +821 @@
         tls_checkpeer=scconf_get_int(blk,"tls_checkpeer",tls_checkpeer);
         tls_ciphers = scconf_get_str(blk,"tls_ciphers",tls_ciphers);
-        tls_cert = scconf_get_str(blk,"tls_cert",tls_cert); 
+        tls_cert = scconf_get_str(blk,"tls_cert",tls_cert);
         tls_key = scconf_get_str(blk,"tls_key",tls_key);
 #endif
@@ -849 +849 @@
         DBG1("tls_checkpeer = %d", tls_checkpeer);
         DBG1("tls_ciphers   = %s", tls_ciphers);
-        DBG1("tls_cert      = %s", tls_cert); 
-        DBG1("tls_key       = %s", tls_key);    
+        DBG1("tls_cert      = %s", tls_cert);
+        DBG1("tls_key       = %s", tls_key);
 #endif
         return 1;
@@ -884 +884 @@
                                 DBG1("Certificate %d is matching", i);
                                 match_found = 1;
-                        } else { 
+                        } else {
                                 DBG1("Certificate %d is NOT matching", i);
                         }
                         i++;
                 }
-                if (certcnt) 
+                if (certcnt)
                         free(ldap_x509);
                 certcnt=0;
@@ -915 +915 @@
 
 #ifdef false
-        int res;        
+        int res;
         res= ldap_mapper_match_user(x509,"wefel",context);
         if (res) {
@@ -924 +924 @@
         }
 #endif
-        
+
         return found;
 }

trunk/src/mappers/ldap_mapper.h

@@ -43 +43 @@
 /* end of static (if any) declarations */
 #endif
-        
+
 /* End of ldap_mapper.h */
 #endif

trunk/src/mappers/mail_mapper.c

@@ -38 +38 @@
 
 /*
-* This mapper uses (if available) the optional email entry on the certificate 
+* This mapper uses (if available) the optional email entry on the certificate
 * to find user name.
 */

trunk/src/mappers/mail_mapper.h

@@ -43 +43 @@
 /* end of static (if any) declarations */
 #endif
-        
+
 /* End of mail_mapper.h */
 #endif

trunk/src/mappers/mapper.c

@@ -47 +47 @@
 * load url and store into mapfile
 * returns struct or NULL on error
-*/ 
+*/
 struct mapfile *set_mapent(const char *url) {
         int res;
@@ -127 +127 @@
         if (!mfile) return;
         /* don't free uri: is a scconf provided "const char *" */;
-        /* free (mfile->uri); */ 
+        /* free (mfile->uri); */
         /* don't free key/value: they are pointers to somewhere in buffer */
         /* free (mfile->value); */

trunk/src/mappers/mapper.h

@@ -36 +36 @@
 
 /**
-* Structure to be filled on mapper module initialization 
+* Structure to be filled on mapper module initialization
 */
 typedef struct mapper_module_st {
     /** mapper name */
-    const char *name;   
+    const char *name; 
     /** mapper configuration block */
-    scconf_block *block; 
+    scconf_block *block;
     /** debug level to set before call entry points */
-    int  dbg_level;     
+    int  dbg_level; 
     /** pointer to mapper local data */
-    void *context;      
+    void *context; 
     /** cert. entries enumerator */
-    char **(*entries)(X509 *x509, void *context); 
+    char **(*entries)(X509 *x509, void *context);
     /** cert. login finder */
-    char *(*finder)(X509 *x509, void *context); 
+    char *(*finder)(X509 *x509, void *context);
     /** cert-to-login matcher*/
-    int (*matcher)(X509 *x509, const char *login, void *context); 
+    int (*matcher)(X509 *x509, const char *login, void *context);
     /** module de-initialization */
-    void (*deinit)( void *context);     
+    void (*deinit)( void *context); 
 } mapper_module;
 
@@ -65 +65 @@
         const char *uri;
         /** buffer to content of mapfile */
-        char *buffer;   
+        char *buffer;
         /** lenght of buffer */
-        size_t length;  
+        size_t length;
         /** pointer to last readed entry in buffer */
-        char *pt;       
+        char *pt;
         /** key entry in current buffer */
-        char *key;      
+        char *key;
         /** value assigned to key */
-        char *value;    
+        char *value;
 };
 
@@ -124 +124 @@
 * Try to map "key" to provided mapfile
 *@param file URL of map file
-*@param key String to be mapped 
+*@param key String to be mapped
 *@param ignorecase Flag to indicate upper/lowercase ignore in string compare
 *@return key on no match, else a clone_str()'d of found mapping
@@ -182 +182 @@
 *@param x509 X509 Certificate
 *@param context Mapper context
-*@return Found user, or NULL 
+*@return Found user, or NULL
 */
 #define _DEFAULT_MAPPER_FIND_USER                                       \
@@ -210 +210 @@
 }
 
-/** 
+/**
 * Macro for de-initialization routine
 *@param context Mapper context

trunk/src/mappers/mapperlist.h

@@ -41 +41 @@
 extern mapper_list static_mapper_list[];
 #endif
-        
+
 /* End of mapperlist.h */
 #endif

trunk/src/mappers/ms_mapper.c

@@ -37 +37 @@
 
 /*
-* This mapper uses (if available) the optional MS's Universal Principal Name 
+* This mapper uses (if available) the optional MS's Universal Principal Name
 * entry on the certificate to find user name.
 * According with MS documentation, UPN has following structure:
@@ -43 +43 @@
 * UPN OtherName: user@domain.com
 * UPN encoding:ASN1 UTF8
-* 
+*
 * As UPN has in-built login and domain, No mapping file is used: login
 * is implicit.
@@ -146 +146 @@
         /* parse list of uids until match */
         for (str=*entries; str && (match_found==0); str=*++entries) {
-            char *login; 
+            char *login;
             if (ignorecase) login= check_upn(tolower_str(str));
             else            login= check_upn(clone_str(str));

trunk/src/mappers/ms_mapper.h

@@ -43 +43 @@
 /* end of static (if any) declarations */
 #endif
-        
+
 /* End of ms_mapper.h */
 #endif

trunk/src/mappers/null_mapper.h

@@ -43 +43 @@
 /* end of static (if any) declarations */
 #endif
-        
+
 /* End of null_mapper.h */
 #endif

trunk/src/mappers/opensc_mapper.c

@@ -51 +51 @@
 /**
 * This mapper try to locate user by comparing authorized certificates
-* from each $HOME/.eid/authorized_certificates user entry, 
+* from each $HOME/.eid/authorized_certificates user entry,
 * as stored by OpenSC package
 */

trunk/src/mappers/opensc_mapper.h

@@ -43 +43 @@
 /* end of static (if any) declarations */
 #endif
-        
+
 /* End of opensc_mapper.h */
 #endif

trunk/src/mappers/openssh_mapper.c

@@ -53 +53 @@
 #include "openssh_mapper.h"
 
-/* TODO 
+/* TODO
 Not sure on usage of authorized keys map file...
-So the first version, will use getpwent() to navigate across all users 
+So the first version, will use getpwent() to navigate across all users
 and parsing ${userhome}/.ssh/authorized_keys
 */
@@ -173 +173 @@
 
         /* now: key_from_blob */
-        if (strncmp((char *)&decoded[i], "ssh-rsa", 7) != 0) return NULL; 
+        if (strncmp((char *)&decoded[i], "ssh-rsa", 7) != 0) return NULL;
         i += len;
 
@@ -317 +317 @@
 
 /*
-parses the certificate and return the _first_ user that matches public key 
+parses the certificate and return the _first_ user that matches public key
 */
 static char * openssh_mapper_find_user(X509 *x509, void *context) {

trunk/src/mappers/openssh_mapper.h

@@ -43 +43 @@
 /* end of static (if any) declarations */
 #endif
-        
+
 /* End of openssh_mapper.h */
 #endif

trunk/src/mappers/pwent_mapper.c

@@ -41 +41 @@
 * This mapper search the common name (CN) of the certificate in
 * getpwent() passwd entries by trying to match login or gecos fields
-* 
+*
 * note: nss implementations use /etc/nsswitch.conf as indicator to
 * where to retrieve pw entries ( see man 5 nsswitch.conf )
@@ -98 +98 @@
 static int pwent_mapper_match_user(X509 *x509, const char *login, void *context) {
         char *str;
-        struct passwd *pw = getpwnam(login); 
+        struct passwd *pw = getpwnam(login);
         char **entries  = cert_info(x509,CERT_CN,ALGORITHM_NULL);
         if (!entries) {

trunk/src/mappers/pwent_mapper.h

@@ -43 +43 @@
 /* end of static (if any) declarations */
 #endif
-        
+
 /* End of pwent_mapper.h */
 #endif

trunk/src/mappers/subject_mapper.h

@@ -43 +43 @@
 /* end of static (if any) declarations */
 #endif
-        
+
 /* End of subject_mapper.h */
 #endif

trunk/src/mappers/uid_mapper.c

@@ -38 +38 @@
 /*
 * This mapper uses the Unique ID (UID) entry on the certificate to
-* find user name. 
+* find user name.
 */
 
@@ -47 +47 @@
 /**
 * Return the list of UID's on this certificate
-*/ 
+*/
 static char ** uid_mapper_find_entries(X509 *x509, void *context) {
         char **entries= cert_info(x509,CERT_UID,ALGORITHM_NULL);

trunk/src/mappers/uid_mapper.h

@@ -43 +43 @@
 /* end of static (if any) declarations */
 #endif
-        
+
 /* End of uid_mapper.h */
 #endif

trunk/src/pam_pkcs11/mapper_mgr.c

@@ -87 +87 @@
                 res->dbg_level=get_debug_level();
                 set_debug_level(old_level);
-            } 
+            }
             if ( !mapper_init ) {
                 DBG1("Static mapper '%s' not found",name);
@@ -99 +99 @@
                 return NULL;
             }
-            mapper_init = ( mapper_module * (*)(scconf_block *blk, const char *mapper_name) ) 
+            mapper_init = ( mapper_module * (*)(scconf_block *blk, const char *mapper_name) )
                 dlsym(handler,"mapper_module_init");
             if ( !mapper_init) {
@@ -131 +131 @@
 
 void unload_module( struct mapper_instance *module ) {
-        if (!module) { 
+        if (!module) {
                 DBG("Trying to unmap empty module");
                 return;
@@ -142 +142 @@
                 set_debug_level(old_level);
         }
-        if (module->module_handler) { 
+        if (module->module_handler) {
                 DBG1("unloading module %s",module->module_name);
                 dlclose(module->module_handler);
@@ -186 +186 @@
             struct mapper_instance *module = load_module(ctx,name);
             if (module) {
-                struct mapper_listitem *item= 
+                struct mapper_listitem *item=
                     (struct mapper_listitem *) malloc(sizeof(struct mapper_listitem));
                 if (!item) {
@@ -201 +201 @@
                 } else { /* insert at end of list */
                         last->next= item;
-                        last = item;    
+                        last = item;
                 }
             }
@@ -244 +244 @@
                 item=item->next;
                 continue;
-            } 
+            }
             printf("Printing data for mapper %s:\n",item->module->module_name);
             for (str=*data; str; str=*++data)

trunk/src/pam_pkcs11/mapper_mgr.h

@@ -92 +92 @@
 * This funcions goest throught the mapper list
 * and trying to get the certificate strings to be used on each
-* module to perform find/match functions. 
+* module to perform find/match functions.
 * No map / match are done: just print found strings on stdout.
 * This function is mostly used in pkcert_view toool

trunk/src/pam_pkcs11/pam_config.c

@@ -114 +114 @@
            return;
         }
-        configuration.nullok = 
+        configuration.nullok =
             scconf_get_bool(root,"nullok",configuration.nullok);
-        configuration.debug = 
+        configuration.debug =
             scconf_get_bool(root,"debug",configuration.debug);
         /*if (configuration.debug) set_debug_level(1);
         else set_debug_level(0); */
-        configuration.use_first_pass = 
+        configuration.use_first_pass =
             scconf_get_bool(root,"use_first_pass",configuration.use_first_pass);
-        configuration.try_first_pass = 
+        configuration.try_first_pass =
             scconf_get_bool(root,"try_first_pass",configuration.try_first_pass);
-        configuration.use_authok = 
+        configuration.use_authok =
             scconf_get_bool(root,"use_authok",configuration.use_authok);
-        configuration.card_only = 
+        configuration.card_only =
             scconf_get_bool(root,"card_only",configuration.card_only);
-        configuration.wait_for_card = 
+        configuration.wait_for_card =
             scconf_get_bool(root,"wait_for_card",configuration.wait_for_card);
         configuration.pkcs11_module = ( char * )
@@ -153 +153 @@
                         scconf_get_str(pkcs11_mblk,"slot_description",configuration.slot_description);
 
-            configuration.slot_num = 
+            configuration.slot_num =
                 scconf_get_int(pkcs11_mblk,"slot_num",configuration.slot_num);
 
@@ -166 +166 @@
             }
 
-            configuration.support_threads = 
+            configuration.support_threads =
                 scconf_get_bool(pkcs11_mblk,"support_threads",configuration.support_threads);
             policy_list= scconf_find_list(pkcs11_mblk,"cert_policy");
@@ -202 +202 @@
            for (count=0, tmp=screen_saver_list; tmp ; tmp=tmp->next, count++);
 
-           configuration.screen_savers = 
+           configuration.screen_savers =
                                 (char **) malloc((count+1)*sizeof(char *));
            for (i=0, tmp=screen_saver_list; tmp; tmp=tmp->next, i++) {

trunk/src/pam_pkcs11/pam_pkcs11.c

@@ -103 +103 @@
 }
 
-static void 
+static void
 pam_syslog(pam_handle_t *pamh, int priority, const char *fmt, ...)
 {
@@ -222 +222 @@
           {
                 ERR1("Remote login (from %s) is not (yet) supported", display);
-                pam_syslog(pamh, LOG_ERR, 
+                pam_syslog(pamh, LOG_ERR,
                         "Remote login (from %s) is not (yet) supported",
                         display);
@@ -234 +234 @@
   textdomain(PACKAGE);
 #endif
-  
+
   /* init openssl */
   rv = crypto_init(&configuration->policy);
@@ -254 +254 @@
    *  2) if logged in, block in pam conversation until the token used for login
    *     is inserted
-   *  3) if not logged in, block until a token that could be used for logging in 
+   *  3) if not logged in, block until a token that could be used for logging in
    *     is inserted
    * right now, logged in means PKC11_LOGIN_TOKEN_NAME is set,
@@ -274 +274 @@
 
         pkcs11_pam_fail = PAM_CRED_INSUFFICIENT;
-        
+
         /* look to see if username is already set */
         rv = pam_get_item(pamh, PAM_USER, (const void **) &user);
         if (user) {
             DBG1("explicit username = [%s]", user);
-        } 
+        }
   } else {
         sprintf(password_prompt,
@@ -289 +289 @@
 
         if (rv != PAM_SUCCESS) {
-          pam_syslog(pamh, LOG_ERR, 
+          pam_syslog(pamh, LOG_ERR,
                      "pam_get_user() failed %s", pam_strerror(pamh, rv));
           return PAM_USER_UNKNOWN;
@@ -420 +420 @@
   if (rv != PAM_SUCCESS) {
     release_pkcs11_module(ph);
-    pam_syslog(pamh, LOG_ERR, 
+    pam_syslog(pamh, LOG_ERR,
                "pam_get_pwd() failed: %s", pam_strerror(pamh, rv));
     return pkcs11_pam_fail;
@@ -433 +433 @@
     memset(password, 0, strlen(password));
     free(password);
-    pam_syslog(pamh, LOG_ERR, 
+    pam_syslog(pamh, LOG_ERR,
          "password length is zero but the 'nullok' argument was not defined.");
     return PAM_AUTH_ERR;
   }
 
-  /* call pkcs#11 login to ensure that the user is the real owner of the card 
+  /* call pkcs#11 login to ensure that the user is the real owner of the card
    * we need to do thise before get_certificate_list because some tokens
    * can not read their certificates until the token is authenticated */
@@ -444 +444 @@
   /* erase and free in-memory password data asap */
   memset(password, 0, strlen(password));
-  free(password); 
+  free(password);
   if (rv != 0) {
     ERR1("open_pkcs11_login() failed: %s", get_error());
@@ -471 +471 @@
       if (rv < 0) {
         ERR1("verify_certificate() failed: %s", get_error());
-        pam_syslog(pamh, LOG_ERR, 
+        pam_syslog(pamh, LOG_ERR,
                    "verify_certificate() failed: %s", get_error());
         goto auth_failed_nopw;
@@ -482 +482 @@
 
     if ( is_spaced_str(user) ) {
-      /* 
+      /*
         if provided user is null or empty extract and set user
         name from certificate
@@ -499 +499 @@
           if (rv != PAM_SUCCESS) {
             ERR1("pam_set_item() failed %s", pam_strerror(pamh, rv));
-            pam_syslog(pamh, LOG_ERR, 
+            pam_syslog(pamh, LOG_ERR,
                        "pam_set_item() failed %s", pam_strerror(pamh, rv));
             goto auth_failed_nopw;
@@ -528 +528 @@
   if (!chosen_cert) {
     ERR("no valid certificate which meets all requirements found");
-    pam_syslog(pamh, LOG_ERR, 
+    pam_syslog(pamh, LOG_ERR,
                "no valid certificate which meets all requirements found");
     goto auth_failed_nopw;
@@ -541 +541 @@
     if (rv != 0) {
       ERR1("get_private_key() failed: %s", get_error());
-      pam_syslog(pamh, LOG_ERR, 
+      pam_syslog(pamh, LOG_ERR,
                  "get_private_key() failed: %s", get_error());
       goto auth_failed_nopw;
@@ -557 +557 @@
     /* sign random value */
     signature = NULL;
-    rv = sign_value(ph, chosen_cert, random_value, sizeof(random_value), 
+    rv = sign_value(ph, chosen_cert, random_value, sizeof(random_value),
                     &signature, &signature_length);
     if (rv != 0) {
@@ -588 +588 @@
    */
   snprintf(env_temp, sizeof(env_temp) - 1,
-           "PKCS11_LOGIN_TOKEN_NAME=%.*s", 
+           "PKCS11_LOGIN_TOKEN_NAME=%.*s",
            (sizeof(env_temp) - 1) - strlen("PKCS11_LOGIN_TOKEN_NAME="),
            get_slot_tokenlabel(ph));
@@ -595 +595 @@
   if (rv != PAM_SUCCESS) {
     ERR1("could not put token name in environment: %s",
-         pam_strerror(pamh, rv)); 
+         pam_strerror(pamh, rv));
     pam_syslog(pamh, LOG_ERR, "could not put token name in environment: %s",
-           pam_strerror(pamh, rv)); 
+           pam_strerror(pamh, rv));
   }
 
@@ -604 +604 @@
   if (issuer) {
     snprintf(env_temp, sizeof(env_temp) - 1,
-           "PKCS11_LOGIN_CERT_ISSUER=%.*s", 
+           "PKCS11_LOGIN_CERT_ISSUER=%.*s",
            (sizeof(env_temp) - 1) - strlen("PKCS11_LOGIN_CERT_ISSUER="),
            issuer[0]);
@@ -615 +615 @@
   if (rv != PAM_SUCCESS) {
     ERR1("could not put cert issuer in environment: %s",
-         pam_strerror(pamh, rv)); 
+         pam_strerror(pamh, rv));
     pam_syslog(pamh, LOG_ERR, "could not put cert issuer in environment: %s",
-           pam_strerror(pamh, rv)); 
+           pam_strerror(pamh, rv));
   }
 
@@ -624 +624 @@
   if (serial) {
     snprintf(env_temp, sizeof(env_temp) - 1,
-           "PKCS11_LOGIN_CERT_SERIAL=%.*s", 
+           "PKCS11_LOGIN_CERT_SERIAL=%.*s",
            (sizeof(env_temp) - 1) - strlen("PKCS11_LOGIN_CERT_SERIAL="),
            serial[0]);
@@ -635 +635 @@
   if (rv != PAM_SUCCESS) {
     ERR1("could not put cert serial in environment: %s",
-         pam_strerror(pamh, rv)); 
+         pam_strerror(pamh, rv));
     pam_syslog(pamh, LOG_ERR, "could not put cert serial in environment: %s",
-           pam_strerror(pamh, rv)); 
+           pam_strerror(pamh, rv));
   }
 
@@ -677 +677 @@
 {
   ERR("Warning: Function pm_sm_acct_mgmt() is not implemented in this module");
-  pam_syslog(pamh, LOG_WARNING, 
+  pam_syslog(pamh, LOG_WARNING,
              "Function pm_sm_acct_mgmt() is not implemented in this module");
   return PAM_SERVICE_ERR;
@@ -685 +685 @@
 {
   ERR("Warning: Function pam_sm_open_session() is not implemented in this module");
-  pam_syslog(pamh, LOG_WARNING, 
+  pam_syslog(pamh, LOG_WARNING,
              "Function pm_sm_open_session() is not implemented in this module");
   return PAM_SERVICE_ERR;
@@ -693 +693 @@
 {
   ERR("Warning: Function pam_sm_close_session() is not implemented in this module");
-  pam_syslog(pamh, LOG_WARNING, 
+  pam_syslog(pamh, LOG_WARNING,
            "Function pm_sm_close_session() is not implemented in this module");
   return PAM_SERVICE_ERR;
@@ -703 +703 @@
 
   ERR("Warning: Function pam_sm_chauthtok() is not implemented in this module");
-  pam_syslog(pamh, LOG_WARNING, 
+  pam_syslog(pamh, LOG_WARNING,
              "Function pam_sm_chauthtok() is not implemented in this module");
 

trunk/src/scconf/README.scconf

@@ -19 +19 @@
   - anything else but data. No locking, no threads etc.
 
-It has heirarchical data blocks, it has lists. 
+It has heirarchical data blocks, it has lists.
 
 Similar, but different:
@@ -217 +217 @@
                          * block has an item with this key. Run the block
                          * or blocks found against the rest of this entry
-                         * Stop after the first one, unless 
-                         * SCCONF_ALL_BLOCKS is set in flags 
+                         * Stop after the first one, unless
+                         * SCCONF_ALL_BLOCKS is set in flags
         unsigned int type;
                          * SCCONF_CALLBACK
@@ -227 +227 @@
                          *              int depth);
                          *      run the callback with the block found
-                         * 
+                         *
                          * SCCONF_BLOCK
                          *      param contains a pointer to another entry table
@@ -270 +270 @@
                          *                   can be stored
                          *
-                         * 
+                         *
         unsigned int flags;
                          * SCCONF_PRESENT
@@ -299 +299 @@
 
 typedef struct _scconf_entry {
-        const char *name;               
-                         * key value for blocks and items * 
+        const char *name;
+                         * key value for blocks and items *
         unsigned int type;
                          * SCCONF_CALLBACK
@@ -308 +308 @@
                          *              scconf_entry* entry,
                          *              int depth);
-                         * 
+                         *
                          * SCCONF_BLOCK
                          *      param contains a pointer to another entry table
                          *      the entry table is added as a block to the
                          *      current block, with name as the key, and
-                         *      arg is a list of names 
+                         *      arg is a list of names
                          *
                          * SCCONF_LIST
@@ -321 +321 @@
                          *      these add key=value pairs to the current
                          *      block. The value is in parm.
-                         * 
+                         *
         unsigned int flags;
                          * SCCONF_PRESENT

trunk/src/scconf/parse.c

@@ -72 +72 @@
         parser->warnings = 1;
 
-        snprintf(parser->emesg, sizeof(parser->emesg), 
+        snprintf(parser->emesg, sizeof(parser->emesg),
                 "Line %d: missing '%s', ignoring\n",
                 parser->line, token);
@@ -355 +355 @@
                         break;
                 default:
-                        snprintf(parser->emesg, sizeof(parser->emesg), 
+                        snprintf(parser->emesg, sizeof(parser->emesg),
                                 "Line %d: bad token ignoring\n",
                                 parser->line);

trunk/src/tools/card_eventmgr.c

@@ -129 +129 @@
                 DBG1("No action list for event '%s'",action);
                 return 0;
-        } 
+        }
         DBG1("Onerror is set to: '%s'",onerrorstr);
         while (actionlist) {
@@ -136 +136 @@
                 DBG1("Executiong action: '%s'",action_cmd);
                 /*
-                there are some security issues on using system() in 
+                there are some security issues on using system() in
                 setuid/setgid programs. so we will use an alternate function
-                */ 
+                */
                 /* res=system(action_cmd); */
                 res = my_system(action_cmd);
@@ -149 +149 @@
                     case ONERROR_RETURN: return 0;
                     case ONERROR_QUIT:  thats_all_folks();
-                                        exit(0); 
+                                        exit(0);
                     default:            DBG("Invalid onerror value");
-                                        return -1;                 
+                                        return -1;
                 }
         }
@@ -347 +347 @@
         return 1;
     }
-    
+
     /* put my self into background if flag is set */
     if (daemonize) {

trunk/src/tools/pkcs11_eventmgr.c

@@ -84 +84 @@
   int current_slot;
 };
- 
+
 #endif
 
@@ -107 +107 @@
       return;
     }
- 
+
     /* release pkcs #11 module */
     DBG("releasing pkcs #11 module...");
@@ -166 +166 @@
                 DBG1("No action list for event '%s'",action);
                 return 0;
-        } 
+        }
         DBG1("Onerror is set to: '%s'",onerrorstr);
         while (actionlist) {
@@ -173 +173 @@
                 DBG1("Executiong action: '%s'",action_cmd);
                 /*
-                there are some security issues on using system() in 
+                there are some security issues on using system() in
                 setuid/setgid programs. so we will use an alternate function
-                */ 
+                */
                 /* res=system(action_cmd); */
                 res = my_system(action_cmd);
@@ -186 +186 @@
                     case ONERROR_RETURN: return 0;
                     case ONERROR_QUIT:  thats_all_folks();
-                                        exit(0); 
+                                        exit(0);
                     default:            DBG("Invalid onerror value");
-                                        return -1;                 
+                                        return -1;
                 }
         }
@@ -313 +313 @@
     struct SlotStatusStr *tmp;
     tmp = (struct SlotStatusStr *)
-            realloc(slotStatus, 
+            realloc(slotStatus,
                 (maxEntries+ENTRY_STEP)*sizeof(struct SlotStatusStr));
     if (!tmp) {
@@ -391 +391 @@
     }
 
-    /* acquire the module before we daemonize so we can return an error 
+    /* acquire the module before we daemonize so we can return an error
      * to the user if it fails */
     DBG("loading the module ...");
     if (pkcs11_module) {
 #define SPEC_TEMPLATE "library=\"%s\" name=\"SmartCard\""
-        char *moduleSpec = 
+        char *moduleSpec =
                 (char *)malloc(sizeof(SPEC_TEMPLATE) + strlen(pkcs11_module));
         if (!moduleSpec) {
@@ -403 +403 @@
         }
         sprintf(moduleSpec,SPEC_TEMPLATE, pkcs11_module);
-        DBG2("loading Module explictly, moduleSpec=<%s> module=%s\n", 
+        DBG2("loading Module explictly, moduleSpec=<%s> module=%s\n",
                                                 moduleSpec, pkcs11_module);
         module = SECMOD_LoadUserModule(moduleSpec, NULL, 0);
@@ -415 +415 @@
         }
     } else {
-        /* no module specified? look for one in the our of NSS's 
+        /* no module specified? look for one in the our of NSS's
          * secmod.db */
         SECMODModuleList *modList = SECMOD_GetDefaultModuleList();
 
-        /* threaded applications should also acquire the 
+        /* threaded applications should also acquire the
          * DefaultModuleListLock */
         DBG("Looking up new module\n");
@@ -447 +447 @@
 #endif
 
-    /* 
+    /*
      * Wait endlessly for all events in the list of readers
      * We only stop in case of an error
@@ -457 +457 @@
          * otherwise it polls by hand*/
         struct SlotStatusStr *slotStatus;
-        PK11SlotInfo *slot = SECMOD_WaitForAnyTokenEvent(module, 0, 
+        PK11SlotInfo *slot = SECMOD_WaitForAnyTokenEvent(module, 0,
                         PR_SecondsToInterval(polling_time));
 
@@ -475 +475 @@
            if (series != slotStatus->series) {
 #ifdef notdef
-                /* if one was already present, remove it 
+                /* if one was already present, remove it
                  * This can happen if you pull the token and insert it
                  * before the PK11_IsPresent call above */
@@ -542 +542 @@
     ph->should_finalize = 1;
 
-    /* 
+    /*
      * Wait endlessly for all events in the list of readers
      * We only stop in case of an error
@@ -584 +584 @@
                     DBG("Card removed, ");
                     execute_event("card_remove");
-                /* 
+                /*
                 some pkcs11's fails on reinsert card. To avoid this
-                re-initialize library on card removal 
-                */      
+                re-initialize library on card removal
+                */    
                 DBG("Re-initialising pkcs #11 module...");
                 rv = ph->fl->C_Finalize(NULL);

trunk/src/tools/pkcs11_listcerts.c

@@ -86 +86 @@
   if (configuration->slot_description != NULL) {
     rv = find_slot_by_slotlabel(ph,configuration->slot_description, &slot_num);
-  } else { 
+  } else {
     rv = find_slot_by_number(ph,configuration->slot_num, &slot_num);
   }
@@ -124 +124 @@
     char **name;
     X509 *cert=get_X509_certificate(certs[i]);
-    
+
     DBG1("Certificate #%d:", i+1);
     name = cert_info(cert, CERT_SUBJECT, ALGORITHM_NULL);

trunk/src/tools/pkcs11_setup.c

@@ -67 +67 @@
     char *lstitem = NULL;
     char *next;
-    
+
     while (value != NULL) {
         if ((next=strchr(value, ',')) != NULL) {
@@ -82 +82 @@
         free(lstitem);
     }
-        
+
     item = scconf_item_add(NULL, block, NULL, SCCONF_ITEM_TYPE_VALUE, option, list);
 
@@ -121 +121 @@
     for (i=0; pkcs11_blocks[i]; i++) {
         void *libhandle;
-        const char *path = 
+        const char *path =
                 scconf_get_str(pkcs11_blocks[i], "module", NULL);
         /* check to see if the module exists on the system */
@@ -136 +136 @@
         }
     }
-    
+
     result = 0;
 
-bail: 
+bail:
     if (ctx) {
         scconf_free(ctx);
@@ -169 +169 @@
     result = 0;
 
-    bail: 
+    bail:
     if (ctx) {
         scconf_free(ctx);
@@ -231 +231 @@
         result = scconf_write(ectx, NULL);
 
-bail: 
+bail:
         if (modules) {
                 free(modules);
@@ -241 +241 @@
                 scconf_free(ectx);
         }
-        
+
         return result;
 }
@@ -267 +267 @@
                 goto bail;
         }
-        event_blocks = scconf_find_blocks(ctx, pkcs11_eventmgr, "event", 
+        event_blocks = scconf_find_blocks(ctx, pkcs11_eventmgr, "event",
                                                 "card_insert");
         if (!event_blocks || !event_blocks[0]) {
@@ -315 +315 @@
                 goto bail;
         }
-        insert_blocks = scconf_find_blocks(ctx, pkcs11_eventmgr, 
+        insert_blocks = scconf_find_blocks(ctx, pkcs11_eventmgr,
                                                 "event", "card_insert");
         if (!insert_blocks || !insert_blocks[0]) {
@@ -357 +357 @@
                 goto bail;
         }
-        event_blocks = scconf_find_blocks(ctx, pkcs11_eventmgr, "event", 
+        event_blocks = scconf_find_blocks(ctx, pkcs11_eventmgr, "event",
                                                 "card_remove");
         if (!event_blocks || !event_blocks[0]) {
@@ -405 +405 @@
                 goto bail;
         }
-        insert_blocks = scconf_find_blocks(ctx, pkcs11_eventmgr, 
+        insert_blocks = scconf_find_blocks(ctx, pkcs11_eventmgr,
                                                 "event", "card_remove");
         if (!insert_blocks || !insert_blocks[0]) {
@@ -430 +430 @@
     unsigned int pname;
     const char *params[NUM_PARAMS];
-    
+
     memset(params, '\0', sizeof(params));
-    
+
     for (i = 1; i < argc; i++) {
         for (pname = 0; pname < NUM_PARAMS; pname++) {
@@ -448 +448 @@
                         params[pname] = (void *)1;
                     }
-                } 
-        }
-    }
-    
+                }
+        }
+    }
+
     for (pname = 0; pname < NUM_PARAMS; pname++) {
             if (params[pname] != NULL)
                 break;
     }
-    
+
     if (pname == NUM_PARAMS) {
         DBG("No correct parameter specified");
@@ -463 +463 @@
                "                    [rm_action[=<executable,executable,...>]]\n");
     }
-    
+
     if (params[LIST_MODULES] != NULL) {
         DBG("List modules:");
         return list_modules();
-    } 
+    }
     else {
         if (params[USE_MODULE] == (void *)1) {
@@ -491 +491 @@
             }
             return 0;
-        }       
+        }
         else if (params[INS_ACTION] != NULL) {
             DBG1("Set card insert action: %s", params[INS_ACTION]);
@@ -506 +506 @@
             }
             return 0;
-        }        
+        }
         else if (params[RM_ACTION] != NULL) {
             DBG1("Set card remove action: %s", params[RM_ACTION]);
@@ -513 +513 @@
                 return i;
             }
-        }        
+        }
     }
     DBG("Process completed");

trunk/src/tools/pklogin_finder.c

@@ -88 +88 @@
   if (configuration->slot_description != NULL) {
     rv = find_slot_by_slotlabel(ph,configuration->slot_description, &slot_num);
-  } else { 
+  } else {
     rv = find_slot_by_number(ph,configuration->slot_num, &slot_num);
   }