Include the instance in the Kerberos ticket information.
authorRichard Levitte <levitte@openssl.org>
Sat, 27 Sep 2003 17:55:18 +0000 (17:55 +0000)
committerRichard Levitte <levitte@openssl.org>
Sat, 27 Sep 2003 17:55:18 +0000 (17:55 +0000)
In s_server, print the received Kerberos information.
PR: 693

apps/s_server.c
ssl/kssl.c
ssl/kssl.h

index 5157aae4d19cf4a25c8feeedba116131acb816a3..aada454098055af939772c7ec1ba34d665cbe111 100644 (file)
@@ -1263,7 +1263,13 @@ static int init_ssl_connection(SSL *con)
        if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
                TLS1_FLAGS_TLS_PADDING_BUG)
                BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
-
+#ifndef OPENSSL_NO_KRB5
+       if (con->kssl_ctx->client_princ != NULL)
+               {
+               BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
+                       con->kssl_ctx->client_princ);
+               }
+#endif /* OPENSSL_NO_KRB5 */
        return(1);
        }
 
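Review bot: `con->kssl_ctx` is dereferenced in the new `#ifndef OPENSSL_NO_KRB5` block without a NULL check, so if no Kerberos context was allocated for this connection (its setup is not visible in this hunk) s_server crashes here instead of skipping the line. Guard both levels: `if (con->kssl_ctx != NULL && con->kssl_ctx->client_princ != NULL)`. The principal is also written to the operator's output exactly as it was taken from the ticket, so if that output is captured into logs it is worth escaping non-printable bytes first. init_ssl_connection starts outside the hunk.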
index a80f5b2f74dad0019f31da33d79da7885911e1a0..7c45f8ff4e6d7e7f8615f6dfc000c43384394094 100644 (file)
@@ -1496,8 +1496,9 @@ kssl_sget_tkt(    /* UPDATE */    KSSL_CTX                *kssl_ctx,
                         "bad ticket from krb5_rd_req.\n");
                }
        else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT,
-                &krb5ticket->enc_part2->client->realm,
-                krb5ticket->enc_part2->client->data))
+                &krb5ticket->enc_part2->client->realm,
+                krb5ticket->enc_part2->client->data,
+                krb5ticket->enc_part2->client->length))
                 {
                kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
                         "kssl_ctx_setprinc() fails.\n");
@@ -1564,16 +1565,17 @@ kssl_ctx_free(KSSL_CTX *kssl_ctx)
         }
 
 
-/*     Given a (krb5_data *) entity (and optional realm),
+/*     Given an array of (krb5_data *) entity (and optional realm),
 **     set the plain (char *) client_princ or service_host member
 **     of the kssl_ctx struct.
 */
 krb5_error_code
 kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
-        krb5_data *realm, krb5_data *entity)
+        krb5_data *realm, krb5_data *entity, int nentities)
         {
        char    **princ;
        int     length;
+       int i;
 
        if (kssl_ctx == NULL  ||  entity == NULL)  return KSSL_CTX_ERR;
 
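Review bot: The updated header comment for kssl_ctx_setprinc does not document the new `nentities` parameter, and "an array of (krb5_data *) entity" reads as an array of pointers although the body indexes `entity` as an array of `krb5_data`. I would reword it to say that `entity` points to `nentities` name components which are joined with '/', that "@realm" is appended when `realm` is non-NULL, and that the result replaces the previously stored client_princ or service_host string. It should also state that the components are length-delimited rather than NUL-terminated, since the copy loop relies on `entity[i].length`. The function body continues outside this hunk.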
@@ -1585,18 +1587,33 @@ kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
                }
        if (*princ)  free(*princ);
 
-       length = entity->length + ((realm)? realm->length + 2: 1);
+       /* Add up all the entity->lengths */
+       length = 0;
+       for (i=0; i < nentities; i++)
+               {
+               length += entity[i].length;
+               }
+       /* Add in space for the '/' character(s) (if any) */
+       length += nentities-1;
+       /* Space for the ('@'+realm+NULL | NULL) */
+       length += ((realm)? realm->length + 2: 1);
+
        if ((*princ = calloc(1, length)) == NULL)
                return KSSL_CTX_ERR;
        else
-                {
-               strncpy(*princ, entity->data, entity->length);
-               (*princ)[entity->length]='\0';
+               {
+               for (i = 0; i < nentities; i++)
+                       {
+                       strncat(*princ, entity[i].data, entity[i].length);
+                       if (i < nentities-1)
+                               {
+                               strcat (*princ, "/");
+                               }
+                       }
                if (realm)
                         {
                        strcat (*princ, "@");
                        (void) strncat(*princ, realm->data, realm->length);
-                       (*princ)[entity->length+1+realm->length]='\0';
                        }
                }
 
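Review bot: `nentities` is never range-checked before `length += nentities-1`, so a count of zero or less makes the allocation one byte too small: with a realm present `calloc` gets `realm->length + 1` bytes, while the `strcat`/`strncat` pair writes '@', the realm and a terminator, i.e. `realm->length + 2`. The count is taken directly from the decrypted ticket in kssl_sget_tkt (`client->length`), so reject it next to the existing NULL test with `if (nentities <= 0) return KSSL_CTX_ERR;`, and since `length` is a signed `int` summed from the component lengths, confirm the total is still positive before `calloc`. Components are also concatenated without escaping, so a component that itself contains '/' or '@' produces the same string as a different principal; if client_princ is ever compared for authorization (not visible here), that ambiguity matters. The function starts and ends outside this hunk, and the NULL test the new check would join is in the previous hunk.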
index cf7ebdd168ed9094c312e9258ee5fb4b29d585ef..19a689b089b7eb74199afa515e98eb71735c92e3 100644 (file)
@@ -149,7 +149,7 @@ KSSL_CTX *kssl_ctx_new(void);
 KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
 void kssl_ctx_show(KSSL_CTX *kssl_ctx);
 krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
-        krb5_data *realm, krb5_data *entity);
+        krb5_data *realm, krb5_data *entity, int nentities);
 krb5_error_code        kssl_cget_tkt(KSSL_CTX *kssl_ctx,  krb5_data **enc_tktp,
         krb5_data *authenp, KSSL_ERR *kssl_err);
 krb5_error_code        kssl_sget_tkt(KSSL_CTX *kssl_ctx,  krb5_data *indata,