X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fkssl.c;h=fd7c67bb1fcb6406b99ec87190c5beefda44eb53;hb=48e0f6667b86cade6e7b7afa83c7006ab7e8c2d1;hp=73401c92a3e9be7a449c0e4be682100b6d6ea7aa;hpb=a5cc69c7ae0cf1086968d9d9a49a002a704128de;p=oweals%2Fopenssl.git diff --git a/ssl/kssl.c b/ssl/kssl.c index 73401c92a3..fd7c67bb1f 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -76,6 +76,7 @@ #include #include #include +#include "kssl_lcl.h" #ifndef OPENSSL_NO_KRB5 @@ -131,7 +132,7 @@ #define krb5_principal_compare kssl_krb5_principal_compare #define krb5_decrypt_tkt_part kssl_krb5_decrypt_tkt_part #define krb5_timeofday kssl_krb5_timeofday -#define krb5_rc_default kssl_krb5_rc_default +#define krb5_rc_default kssl_krb5_rc_default #ifdef krb5_rc_initialize #undef krb5_rc_initialize @@ -839,7 +840,7 @@ kssl_map_enc(krb5_enctype enctype) ** "62 xx 30 yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and ** xx and yy are possibly multi-byte length fields. */ -int kssl_test_confound(unsigned char *p) +static int kssl_test_confound(unsigned char *p) { int len = 2; int xx = 0, yy = 0; @@ -874,7 +875,7 @@ int kssl_test_confound(unsigned char *p) ** what the highest assigned CKSUMTYPE_ constant is. As of 1.2.2 ** it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3). So we will use 0x0010. */ -size_t *populate_cksumlens(void) +static size_t *populate_cksumlens(void) { int i, j, n; static size_t *cklens = NULL; @@ -1025,7 +1026,7 @@ print_krb5_keyblock(char *label, krb5_keyblock *keyblk) /* Display contents of krb5_principal_data struct, for debugging ** (krb5_principal is typedef'd == krb5_principal_data *) */ -void +static void print_krb5_princ(char *label, krb5_principal_data *princ) { int i, ui, uj; @@ -1224,7 +1225,7 @@ kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, ** code here. This tkt should alloc/free just ** like the real thing. */ -krb5_error_code +static krb5_error_code kssl_TKT2tkt( /* IN */ krb5_context krb5context, /* IN */ KRB5_TKTBODY *asn1ticket, /* OUT */ krb5_ticket **krb5ticket, @@ -1802,6 +1803,9 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx) kssl_ctx->service_name ? kssl_ctx->service_name: KRB5SVC, KRB5_NT_SRV_HST, &princ); + if (krb5rc) + goto exit; + krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, princ, 0 /* IGNORE_VNO */, @@ -1899,7 +1903,7 @@ void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data) ** Return pointer to the (partially) filled in struct tm on success, ** return NULL on failure. */ -struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm) +static struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm) { char c, *p; @@ -1925,7 +1929,7 @@ struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm) ** So we try to sneek the clockskew out through the replay cache. ** If that fails just return a likely default (300 seconds). */ -krb5_deltat get_rc_clockskew(krb5_context context) +static krb5_deltat get_rc_clockskew(krb5_context context) { krb5_rcache rc; krb5_deltat clockskew; @@ -2089,9 +2093,12 @@ krb5_error_code kssl_check_authent( EVP_CIPHER_CTX_cleanup(&ciph_ctx); #ifdef KSSL_DEBUG + { + int padl; printf("kssl_check_authent: decrypted authenticator[%d] =\n", outl); for (padl=0; padl < outl; padl++) printf("%02x ",unenc_authent[padl]); printf("\n"); + } #endif /* KSSL_DEBUG */ if ((p = kssl_skip_confound(enctype, unenc_authent)) == NULL) @@ -2121,7 +2128,7 @@ krb5_error_code kssl_check_authent( tm_g = gmtime(&now); tg = mktime(tm_g); tz_offset = tg - tl; - *atimep = tr - tz_offset; + *atimep = (krb5_timestamp)(tr - tz_offset); } #ifdef KSSL_DEBUG @@ -2187,6 +2194,22 @@ krb5_error_code kssl_build_principal_2( return ENOMEM; } +void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx) + { + s->kssl_ctx = kctx; + } + +KSSL_CTX * SSL_get0_kssl_ctx(SSL *s) + { + return s->kssl_ctx; + } + +char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx) + { + if (kctx) + return kctx->client_princ; + return NULL; + } #else /* !OPENSSL_NO_KRB5 */