Changes to the Kerberos SSL code by Jeffrey Altman <jaltman@columbia.edu>

#define krb5_decrypt_tkt_part    kssl_krb5_decrypt_tkt_part

#define krb5_timeofday           kssl_krb5_timeofday

#define krb5_rc_default           kssl_krb5_rc_default

#define krb5_krb5_rc_initialize   kssl_krb5_rc_initialize

#define krb5_krb5_rc_get_lifespan kssl_krb5_rc_get_lifespan

#define krb5_krb5_rc_destroy      kssl_krb5_rc_destroy

#define krb5_rc_initialize   kssl_krb5_rc_initialize

#define krb5_rc_get_lifespan kssl_krb5_rc_get_lifespan

#define krb5_rc_destroy      kssl_krb5_rc_destroy

#define valid_cksumtype      kssl_valid_cksumtype

#define krb5_checksum_size   kssl_krb5_checksum_size

#define krb5_kt_free_entry   kssl_krb5_kt_free_entry

/* Prototypes for built in stubs */

void kssl_krb5_free_data_contents(krb5_context, krb5_data *);

krb5_boolean kssl_krb5_principal_compare(krb5_context, krb5_const_principal,

                                         krb5_const_principal);

krb5_error_code krb5_decrypt_tkt_part(krb5_context, krb5_const krb5_keyblock *,

				      krb5_ticket *);

krb5_error_code krb5_timeofday(krb5_context context, krb5_int32 *timeret);

krb5_error_code krb5_rc_default(krb5_context context, krb5_rcache *rc);

krb5_error_code krb5_rc_initialize(krb5_context context, krb5_rcache rc,

				     krb5_deltat lifespan);

krb5_error_code krb5_rc_get_lifespan(krb5_context context, krb5_rcache rc,

				     krb5_deltat *lifespan);

krb5_error_code krb5_rc_destroy(krb5_context context, krb5_rcache rc);

krb5_error_code kssl_krb5_mk_req_extended(krb5_context,

                                          krb5_auth_context  *,

                                          krb5_const krb5_flags,

                                           krb5_ccache cache,

                                           krb5_principal *principal);

krb5_error_code kssl_krb5_auth_con_free(krb5_context,krb5_auth_context);

size_t kssl_krb5_checksum_size(krb5_context context,krb5_cksumtype ctype);

krb5_boolean kssl_valid_cksumtype(krb5_cksumtype ctype);

krb5_error_code krb5_kt_free_entry(krb5_context,krb5_keytab_entry FAR * );

/* Function pointers (almost all Kerberos functions are _stdcall) */

static void (_stdcall *p_krb5_free_data_contents)(krb5_context, krb5_data *)

			 krb5_principal *principal)=NULL;

static krb5_error_code (_stdcall *p_krb5_auth_con_free)

			(krb5_context, krb5_auth_context)=NULL;

static krb5_error_code (_stdcall *p_krb5_decrypt_tkt_part)

                        (krb5_context, krb5_const krb5_keyblock *,

                                           krb5_ticket *)=NULL;

static krb5_error_code (_stdcall *p_krb5_timeofday)

                        (krb5_context context, krb5_int32 *timeret)=NULL;

static krb5_error_code (_stdcall *p_krb5_rc_default)

                        (krb5_context context, krb5_rcache *rc)=NULL;

static krb5_error_code (_stdcall *p_krb5_rc_initialize)

                        (krb5_context context, krb5_rcache rc,

                                     krb5_deltat lifespan)=NULL;

static krb5_error_code (_stdcall *p_krb5_rc_get_lifespan)

                        (krb5_context context, krb5_rcache rc,

                                       krb5_deltat *lifespan)=NULL;

static krb5_error_code (_stdcall *p_krb5_rc_destroy)

                        (krb5_context context, krb5_rcache rc)=NULL;

static krb5_boolean (_stdcall *p_krb5_principal_compare)

                     (krb5_context, krb5_const_principal, krb5_const_principal)=NULL;

static size_t (_stdcall *p_krb5_checksum_size)(krb5_context context,krb5_cksumtype ctype)=NULL;

static krb5_boolean (_stdcall *p_valid_cksumtype)(krb5_cksumtype ctype)=NULL;

static krb5_error_code (_stdcall *p_krb5_kt_free_entry)

                        (krb5_context,krb5_keytab_entry * )=NULL;

static int krb5_loaded = 0;     /* only attempt to initialize func ptrs once */

/* Function to Load the Kerberos 5 DLL and initialize function pointers */

		GetProcAddress( hKRB5_32, "krb5_kt_resolve" );

	(FARPROC) p_krb5_auth_con_init =

		GetProcAddress( hKRB5_32, "krb5_auth_con_init" );

        (FARPROC) p_valid_cksumtype =

                GetProcAddress( hKRB5_32, "valid_cksumtype" );

        (FARPROC) p_krb5_checksum_size =

                GetProcAddress( hKRB5_32, "krb5_checksum_size" );

        (FARPROC) p_krb5_kt_free_entry =

                GetProcAddress( hKRB5_32, "krb5_kt_free_entry" );

	}

/* Stubs for each function to be dynamicly loaded */

		load_krb5_dll();

	if ( p_krb5_principal_compare )

		return(p_krb5_principal_compare(con,princ1,princ2);

		return(p_krb5_principal_compare(con,princ1,princ2));

	else

		return KRB5KRB_ERR_GENERIC;

	}

		load_krb5_dll();

	if ( p_krb5_decrypt_tkt_part )

		return(p_krb5_decrypt_tkt_part(con,keys,ticket);

		return(p_krb5_decrypt_tkt_part(con,keys,ticket));

	else

		return KRB5KRB_ERR_GENERIC;

	}

		load_krb5_dll();

	if ( p_krb5_timeofday )

		return(p_krb5_timeofday(con,timeret);

		return(p_krb5_timeofday(con,timeret));

	else

		return KRB5KRB_ERR_GENERIC;

	}

		load_krb5_dll();

	if ( p_krb5_rc_default )

		return(p_krb5_rc_default(con,rc);

		return(p_krb5_rc_default(con,rc));

	else

		return KRB5KRB_ERR_GENERIC;

	}

		load_krb5_dll();

	if ( p_krb5_rc_initialize )

		return(p_krb5_rc_initialize(con, rc, lifespan);

		return(p_krb5_rc_initialize(con, rc, lifespan));

	else

		return KRB5KRB_ERR_GENERIC;

	}

		load_krb5_dll();

	if ( p_krb5_rc_get_lifespan )

		return(p_krb5_rc_get_lifespan(con, rc, lifespanp);

		return(p_krb5_rc_get_lifespan(con, rc, lifespanp));

	else

		return KRB5KRB_ERR_GENERIC;

	}

		load_krb5_dll();

	if ( p_krb5_rc_destroy )

		return(p_krb5_rc_destroy(con, rc);

		return(p_krb5_rc_destroy(con, rc));

	else

		return KRB5KRB_ERR_GENERIC;

	}

size_t 

krb5_checksum_size(krb5_context context,krb5_cksumtype ctype)

        {

        if (!krb5_loaded)

                load_krb5_dll();

        if ( p_krb5_checksum_size )

                return(p_krb5_checksum_size(context, ctype));

        else

                return KRB5KRB_ERR_GENERIC;

        }

krb5_boolean 

valid_cksumtype(krb5_cksumtype ctype)

        {

        if (!krb5_loaded)

                load_krb5_dll();

        if ( p_valid_cksumtype )

                return(p_valid_cksumtype(ctype));

        else

                return KRB5KRB_ERR_GENERIC;

        }

krb5_error_code 

krb5_kt_free_entry(krb5_context con,krb5_keytab_entry * entry)

        {

        if (!krb5_loaded)

                load_krb5_dll();

        if ( p_krb5_kt_free_entry )

                return(p_krb5_kt_free_entry(con,entry));

        else

                return KRB5KRB_ERR_GENERIC;

        }

	krb5_magic magic;

	char  *prefix;

	char  * (KRB5_CALLCONV *get_name)

		KRB5_NPROTOTYPE((krb5_context, krb5_ccache));

		(krb5_context, krb5_ccache);

	krb5_error_code (KRB5_CALLCONV *resolve)

		KRB5_NPROTOTYPE((krb5_context, krb5_ccache  *, const char  *));

		(krb5_context, krb5_ccache  *, const char  *);

	krb5_error_code (KRB5_CALLCONV *gen_new)

		KRB5_NPROTOTYPE((krb5_context, krb5_ccache  *));

		(krb5_context, krb5_ccache  *);

	krb5_error_code (KRB5_CALLCONV *init)

		KRB5_NPROTOTYPE((krb5_context, krb5_ccache, krb5_principal));

		(krb5_context, krb5_ccache, krb5_principal);

	krb5_error_code (KRB5_CALLCONV *destroy)

		KRB5_NPROTOTYPE((krb5_context, krb5_ccache));

		(krb5_context, krb5_ccache);

	krb5_error_code (KRB5_CALLCONV *close)

		KRB5_NPROTOTYPE((krb5_context, krb5_ccache));

		(krb5_context, krb5_ccache);

	krb5_error_code (KRB5_CALLCONV *store)

		KRB5_NPROTOTYPE((krb5_context, krb5_ccache, krb5_creds  *));

		(krb5_context, krb5_ccache, krb5_creds  *);

	krb5_error_code (KRB5_CALLCONV *retrieve)

		KRB5_NPROTOTYPE((krb5_context, krb5_ccache,

		krb5_flags, krb5_creds  *, krb5_creds  *));

		(krb5_context, krb5_ccache,

		krb5_flags, krb5_creds  *, krb5_creds  *);

	krb5_error_code (KRB5_CALLCONV *get_princ)

		KRB5_NPROTOTYPE((krb5_context, krb5_ccache, krb5_principal  *));

		(krb5_context, krb5_ccache, krb5_principal  *);

	krb5_error_code (KRB5_CALLCONV *get_first)

		KRB5_NPROTOTYPE((krb5_context, krb5_ccache, krb5_cc_cursor  *));

		(krb5_context, krb5_ccache, krb5_cc_cursor  *);

	krb5_error_code (KRB5_CALLCONV *get_next)

		KRB5_NPROTOTYPE((krb5_context, krb5_ccache,

		krb5_cc_cursor  *, krb5_creds  *));

		(krb5_context, krb5_ccache,

		krb5_cc_cursor  *, krb5_creds  *);

	krb5_error_code (KRB5_CALLCONV *end_get)

		KRB5_NPROTOTYPE((krb5_context, krb5_ccache, krb5_cc_cursor  *));

		(krb5_context, krb5_ccache, krb5_cc_cursor  *);

	krb5_error_code (KRB5_CALLCONV *remove_cred)

		KRB5_NPROTOTYPE((krb5_context, krb5_ccache,

		krb5_flags, krb5_creds  *));

		(krb5_context, krb5_ccache,

		krb5_flags, krb5_creds  *);

	krb5_error_code (KRB5_CALLCONV *set_flags)

		KRB5_NPROTOTYPE((krb5_context, krb5_ccache, krb5_flags));

		(krb5_context, krb5_ccache, krb5_flags);

	} krb5_cc_ops;

#endif /* NO_DEF_KRB5_CCACHE */

/*	Allocate, fill, and return cksumlens array of checksum lengths.

**	This array holds just the unique elements from the krb5_cksumarray[].

**	array[n] == 0 signals end of data.

**

**      The krb5_cksumarray[] was an internal variable that has since been

**      replaced by a more general method for storing the data.  It should

**      not be used.  Instead we use real API calls and make a guess for 

**      what the highest assigned CKSUMTYPE_ constant is.  As of 1.2.2

**      it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3).  So we will use 0x0010.

*/

int 	*populate_cksumlens(void)

	{

	int 		i, j, n = krb5_max_cksum+1;

	static int 	*cklens = NULL;

	int 		i, j, n = 0x0010+1;

	static size_t 	*cklens = NULL;

#ifdef KRB5CHECKAUTH

	if (!cklens && !(cklens = (int *) calloc(sizeof(int), n)))  return NULL;

	if (!cklens && !(cklens = (size_t *) calloc(sizeof(int), n)))  return NULL;

	for (i=0; i < krb5_max_cksum; i++)  {

		if (!krb5_cksumarray[i])  continue;	/*  array has holes  */

		for (j=0; j < krb5_max_cksum; j++)  {

	for (i=0; i < n; i++)  {

		if (!valid_cksumtype(i))  continue;	/*  array has holes  */

		for (j=0; j < n; j++)  {

			if (cklens[j] == 0)  {

				cklens[j] = krb5_cksumarray[i]->checksum_length;

				cklens[j] = krb5_checksum_size(NULL,i);

				break;		/*  krb5 elem was new: add   */

				}

			if (cklens[j] == krb5_cksumarray[i]->checksum_length)  {

			if (cklens[j] == krb5_checksum_size(NULL,i))  {

				break;		/*  ignore duplicate elements */

				}

			}

void

print_krb5_data(char *label, krb5_data *kdata)

        {

	int 	i;

	unsigned int 	i;

	printf("%s[%d] ", label, kdata->length);

	for (i=0; i < kdata->length; i++)

void

print_krb5_keyblock(char *label, krb5_keyblock *keyblk)

        {

	int 	i;

	unsigned int 	i;

	if (keyblk == NULL)

                {

void

print_krb5_princ(char *label, krb5_principal_data *princ)

        {

	int 	i, j;

	unsigned int 	ui, uj;

        int i;

	printf("%s principal Realm: ", label);

	if (princ == NULL)  return;

	for (i=0; i < princ->realm.length; i++)  putchar(princ->realm.data[i]);

	for (ui=0; ui < princ->realm.length; ui++)  putchar(princ->realm.data[ui]);

	printf(" (nametype %d) has %d strings:\n", princ->type,princ->length);

	for (i=0; i < princ->length; i++)

                {

		printf("\t%d [%d]: ", i, princ->data[i].length);

		for (j=0; j < princ->data[i].length; j++)  {

			putchar(princ->data[i].data[j]);

		for (uj=0; uj < princ->data[i].length; uj++)  {

			putchar(princ->data[i].data[uj]);

			}

		printf("\n");

		}

			}

		if (ap_req)  KRB5_APREQ_free((KRB5_APREQ *) ap_req);

		if (krb5_app_req.length)  krb5_xfree(krb5_app_req.data);

		if (krb5_app_req.length)  

                        krb5_free_data_contents(krb5context,&krb5_app_req);

		}

#ifdef KRB5_HEIMDAL

	if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->session))

	return;

        }

#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_WIN32)

void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)

	{

#ifdef KRB5_HEIMDAL

	krb5_free_data_contents(NULL, data);

#endif

	}

#endif /* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */

/*  Helper function for kssl_validate_times().

**  We need context->clockskew, but krb5_context is an opaque struct.

	int 			padl, outl, unencbufsize;

	struct tm		tm_time, *tm_l, *tm_g;

	time_t			now, tl, tg, tz_offset;

        char * strptime();

	*atimep = 0;

	kssl_err_set(kssl_err, 0, "");

		}

	else	strncpy(tbuf, auth->ctime->data, auth->ctime->length);

	if (strptime(tbuf, "%Y%m%d%H%M%S", &tm_time) != NULL)

	if ((char *)strptime(tbuf, "%Y%m%d%H%M%S", &tm_time) != NULL)

		{

		now  = time(&now);

		tm_l = localtime(&now); 	tl = mktime(tm_l);