Loading apps/s_server.c +7 −1 Original line number Diff line number Diff line Loading @@ -1347,7 +1347,13 @@ static int init_ssl_connection(SSL *con) if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & TLS1_FLAGS_TLS_PADDING_BUG) BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n"); #ifndef OPENSSL_NO_KRB5 if (con->kssl_ctx->client_princ != NULL) { BIO_printf(bio_s_out,"Kerberos peer principal is %s\n", con->kssl_ctx->client_princ); } #endif /* OPENSSL_NO_KRB5 */ return(1); } Loading ssl/kssl.c +26 −9 Original line number Diff line number Diff line Loading @@ -1497,7 +1497,8 @@ kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, } else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT, &krb5ticket->enc_part2->client->realm, krb5ticket->enc_part2->client->data)) krb5ticket->enc_part2->client->data, krb5ticket->enc_part2->client->length)) { kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET, "kssl_ctx_setprinc() fails.\n"); Loading Loading @@ -1564,16 +1565,17 @@ kssl_ctx_free(KSSL_CTX *kssl_ctx) } /* Given a (krb5_data *) entity (and optional realm), /* Given an array of (krb5_data *) entity (and optional realm), ** set the plain (char *) client_princ or service_host member ** of the kssl_ctx struct. */ krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, krb5_data *realm, krb5_data *entity) krb5_data *realm, krb5_data *entity, int nentities) { char **princ; int length; int i; if (kssl_ctx == NULL || entity == NULL) return KSSL_CTX_ERR; Loading 
@@ -1585,18 +1587,33 @@ kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, } if (*princ) free(*princ); length = entity->length + ((realm)? realm->length + 2: 1); /* Add up all the entity->lengths */ length = 0; for (i=0; i < nentities; i++) { length += entity[i].length; } /* Add in space for the '/' character(s) (if any) */ length += nentities-1; /* Space for the ('@'+realm+NULL | NULL) */ length += ((realm)? realm->length + 2: 1); if ((*princ = calloc(1, length)) == NULL) return KSSL_CTX_ERR; else { strncpy(*princ, entity->data, entity->length); (*princ)[entity->length]='\0'; for (i = 0; i < nentities; i++) { strncat(*princ, entity[i].data, entity[i].length); if (i < nentities-1) { strcat (*princ, "/"); } } if (realm) { strcat (*princ, "@"); (void) strncat(*princ, realm->data, realm->length); (*princ)[entity->length+1+realm->length]='\0'; } } Loading ssl/kssl.h +1 −1 Original line number Diff line number Diff line Loading @@ -149,7 +149,7 @@ KSSL_CTX *kssl_ctx_new(void); KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx); void kssl_ctx_show(KSSL_CTX *kssl_ctx); krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, krb5_data *realm, krb5_data *entity); krb5_data *realm, krb5_data *entity, int nentities); krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp, krb5_data *authenp, KSSL_ERR *kssl_err); krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata, Loading Loading
apps/s_server.c +7 −1 Original line number Diff line number Diff line Loading @@ -1347,7 +1347,13 @@ static int init_ssl_connection(SSL *con) if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & TLS1_FLAGS_TLS_PADDING_BUG) BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n"); #ifndef OPENSSL_NO_KRB5 if (con->kssl_ctx->client_princ != NULL) { BIO_printf(bio_s_out,"Kerberos peer principal is %s\n", con->kssl_ctx->client_princ); } #endif /* OPENSSL_NO_KRB5 */ return(1); } Loading
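Review bot: The added Kerberos block in init_ssl_connection() reads `con->kssl_ctx->client_princ` without first checking `con->kssl_ctx` itself. Whether kssl_ctx can be NULL at this point is not visible on this page, but if its allocation can fail or a connection can exist without one, s_server would crash on a NULL dereference right after the handshake; `if (con->kssl_ctx != NULL && con->kssl_ctx->client_princ != NULL)` avoids that. The principal comes from the client's ticket, so a comment such as `/* client_princ is peer-supplied: print via %s only, never as the format argument */` would help later edits keep it out of the format position. The function starts above the hunk, so any earlier guard on kssl_ctx is not visible here.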
ssl/kssl.c +26 −9 Original line number Diff line number Diff line Loading @@ -1497,7 +1497,8 @@ kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, } else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT, &krb5ticket->enc_part2->client->realm, krb5ticket->enc_part2->client->data)) krb5ticket->enc_part2->client->data, krb5ticket->enc_part2->client->length)) { kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET, "kssl_ctx_setprinc() fails.\n"); Loading Loading @@ -1564,16 +1565,17 @@ kssl_ctx_free(KSSL_CTX *kssl_ctx) } /* Given a (krb5_data *) entity (and optional realm), /* Given an array of (krb5_data *) entity (and optional realm), ** set the plain (char *) client_princ or service_host member ** of the kssl_ctx struct. */ krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, krb5_data *realm, krb5_data *entity) krb5_data *realm, krb5_data *entity, int nentities) { char **princ; int length; int i; if (kssl_ctx == NULL || entity == NULL) return KSSL_CTX_ERR; Loading @@ -1585,18 +1587,33 @@ kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, } if (*princ) free(*princ); length = entity->length + ((realm)? realm->length + 2: 1); /* Add up all the entity->lengths */ length = 0; for (i=0; i < nentities; i++) { length += entity[i].length; } /* Add in space for the '/' character(s) (if any) */ length += nentities-1; /* Space for the ('@'+realm+NULL | NULL) */ length += ((realm)? realm->length + 2: 1); if ((*princ = calloc(1, length)) == NULL) return KSSL_CTX_ERR; else { strncpy(*princ, entity->data, entity->length); (*princ)[entity->length]='\0'; for (i = 0; i < nentities; i++) { strncat(*princ, entity[i].data, entity[i].length); if (i < nentities-1) { strcat (*princ, "/"); } } if (realm) { strcat (*princ, "@"); (void) strncat(*princ, realm->data, realm->length); (*princ)[entity->length+1+realm->length]='\0'; } } Loading
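Review bot: kssl_ctx_setprinc() never validates `nentities`, which kssl_sget_tkt() now passes straight from the ticket's `client->length`. With nentities == 0 and a realm present, the computed size is realm->length + 1 while the `strcat`/`strncat` pair writes '@' + realm + NUL, i.e. realm->length + 2 bytes, a one-byte heap overflow; with no realm the size is 0 and `*princ` is not guaranteed to be a terminated string when it is later printed with `%s`. Extending the existing guard to `if (kssl_ctx == NULL || entity == NULL || nentities < 1) return KSSL_CTX_ERR;` closes both cases. The total is also accumulated in an `int` with no overflow check, so the summing loop should reject a running total that would exceed INT_MAX before it reaches calloc(). The part of the function between the two hunks is not shown on this page.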
ssl/kssl.h +1 −1 Original line number Diff line number Diff line Loading @@ -149,7 +149,7 @@ KSSL_CTX *kssl_ctx_new(void); KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx); void kssl_ctx_show(KSSL_CTX *kssl_ctx); krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, krb5_data *realm, krb5_data *entity); krb5_data *realm, krb5_data *entity, int nentities); krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp, krb5_data *authenp, KSSL_ERR *kssl_err); krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata, Loading