From: Richard Levitte Date: Sat, 27 Sep 2003 17:55:18 +0000 (+0000) Subject: Include the instance in the Kerberos ticket information. X-Git-Tag: OpenSSL_0_9_7c~14 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=ec4e600da656088b5efbabf0c4b32e5dd3e68ac8;p=oweals%2Fopenssl.git Include the instance in the Kerberos ticket information. In s_server, print the received Kerberos information. PR: 693 --- diff --git a/apps/s_server.c b/apps/s_server.c index 5157aae4d1..aada454098 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1263,7 +1263,13 @@ static int init_ssl_connection(SSL *con) if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & TLS1_FLAGS_TLS_PADDING_BUG) BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n"); - +#ifndef OPENSSL_NO_KRB5 + if (con->kssl_ctx->client_princ != NULL) + { + BIO_printf(bio_s_out,"Kerberos peer principal is %s\n", + con->kssl_ctx->client_princ); + } +#endif /* OPENSSL_NO_KRB5 */ return(1); } diff --git a/ssl/kssl.c b/ssl/kssl.c index a80f5b2f74..7c45f8ff4e 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -1496,8 +1496,9 @@ kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, "bad ticket from krb5_rd_req.\n"); } else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT, - &krb5ticket->enc_part2->client->realm, - krb5ticket->enc_part2->client->data)) + &krb5ticket->enc_part2->client->realm, + krb5ticket->enc_part2->client->data, + krb5ticket->enc_part2->client->length)) { kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET, "kssl_ctx_setprinc() fails.\n"); @@ -1564,16 +1565,17 @@ kssl_ctx_free(KSSL_CTX *kssl_ctx) } -/* Given a (krb5_data *) entity (and optional realm), +/* Given an array of (krb5_data *) entity (and optional realm), ** set the plain (char *) client_princ or service_host member ** of the kssl_ctx struct. */ krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, - krb5_data *realm, krb5_data *entity) + krb5_data *realm, krb5_data *entity, int nentities) { char **princ; int length; + int i; if (kssl_ctx == NULL || entity == NULL) return KSSL_CTX_ERR; @@ -1585,18 +1587,33 @@ kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, } if (*princ) free(*princ); - length = entity->length + ((realm)? realm->length + 2: 1); + /* Add up all the entity->lengths */ + length = 0; + for (i=0; i < nentities; i++) + { + length += entity[i].length; + } + /* Add in space for the '/' character(s) (if any) */ + length += nentities-1; + /* Space for the ('@'+realm+NULL | NULL) */ + length += ((realm)? realm->length + 2: 1); + if ((*princ = calloc(1, length)) == NULL) return KSSL_CTX_ERR; else - { - strncpy(*princ, entity->data, entity->length); - (*princ)[entity->length]='\0'; + { + for (i = 0; i < nentities; i++) + { + strncat(*princ, entity[i].data, entity[i].length); + if (i < nentities-1) + { + strcat (*princ, "/"); + } + } if (realm) { strcat (*princ, "@"); (void) strncat(*princ, realm->data, realm->length); - (*princ)[entity->length+1+realm->length]='\0'; } } diff --git a/ssl/kssl.h b/ssl/kssl.h index cf7ebdd168..19a689b089 100644 --- a/ssl/kssl.h +++ b/ssl/kssl.h @@ -149,7 +149,7 @@ KSSL_CTX *kssl_ctx_new(void); KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx); void kssl_ctx_show(KSSL_CTX *kssl_ctx); krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, - krb5_data *realm, krb5_data *entity); + krb5_data *realm, krb5_data *entity, int nentities); krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp, krb5_data *authenp, KSSL_ERR *kssl_err); krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata,