/* ssl/kssl.c -*- mode: C; c-file-style: "eay" -*- */
/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000.
 */
/* ====================================================================
 * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */


/*  ssl/kssl.c  --  Routines to support (& debug) Kerberos5 auth for openssl
**
**  19990701	VRS 	Started.
**  200011??	Jeffrey Altman, Richard Levitte
**          		Generalized for Heimdal, Newer MIT, & Win32.
**          		Integrated into main OpenSSL 0.9.7 snapshots.
**  20010413	Simon Wilkinson, VRS
**          		Real RFC2712 KerberosWrapper replaces AP_REQ.
*/

#include <openssl/opensslconf.h>

#include <string.h>

/*
 * Defined ahead of the OpenSSL/Kerberos headers included below.
 * NOTE(review): presumably this asks the krb5 headers to expose private
 * declarations -- confirm against the Kerberos headers in use.
 */
#define KRB5_PRIVATE	1

#include <openssl/ssl.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/krb5_asn.h>
#include "kssl_lcl.h"

/*
 * Opens the Kerberos-only part of the file; the matching #endif is not
 * visible in this section.
 */
#ifndef OPENSSL_NO_KRB5

/* Fall back to the generic Kerberos error code where ENOMEM is not defined. */
#ifndef ENOMEM
#define ENOMEM KRB5KRB_ERR_GENERIC
#endif

/*
 * When OpenSSL is built on Windows, we do not want to require that
 * the Kerberos DLLs be available in order for the OpenSSL DLLs to
 * work.  Therefore, all Kerberos routines are loaded at run time
 * and we do not link to a .LIB file.
 */

/*
 * Security note: load_krb5_dll() in this file resolves the library with
 * LoadLibrary(TEXT("KRB5_32")), i.e. by bare name rather than by full
 * path, so which DLL gets loaded depends on the Windows DLL search order.
 * Deployments should make sure only the intended Kerberos DLL can be
 * found on that search path.
 */

#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
/*
 * The purpose of the following pre-processor statements is to provide
 * compatibility with different releases of MIT Kerberos for Windows.
 * All versions up to 1.2 used macros.  But macros do not allow for
 * a binary compatible interface for DLLs.  Therefore, all macros are
 * being replaced by function calls.  The following code will allow
 * an OpenSSL DLL built on Windows to work whether or not the macro
 * or function form of the routines are utilized.
 */

/*
 * If the Kerberos headers supplied krb5_cc_get_principal as a macro,
 * record that fact in NO_DEF_KRB5_CCACHE and drop the macro so that the
 * rename below takes effect.
 */
#ifdef  krb5_cc_get_principal
#define NO_DEF_KRB5_CCACHE
#undef  krb5_cc_get_principal
#endif
#define krb5_cc_get_principal    kssl_krb5_cc_get_principal

/*
 * From here on every krb5_* name used in this file is rewritten by the
 * preprocessor to the corresponding kssl_krb5_* name.
 * NOTE(review): the kssl_krb5_* stub bodies are outside this section;
 * presumably they forward to the p_krb5_* function pointers -- confirm.
 */
#define krb5_free_data_contents  kssl_krb5_free_data_contents
#define krb5_free_context        kssl_krb5_free_context
#define krb5_auth_con_free       kssl_krb5_auth_con_free
#define krb5_free_principal      kssl_krb5_free_principal
#define krb5_mk_req_extended     kssl_krb5_mk_req_extended
#define krb5_get_credentials     kssl_krb5_get_credentials
#define krb5_cc_default          kssl_krb5_cc_default
#define krb5_sname_to_principal  kssl_krb5_sname_to_principal
#define krb5_init_context        kssl_krb5_init_context
#define krb5_free_ticket         kssl_krb5_free_ticket
#define krb5_rd_req              kssl_krb5_rd_req
#define krb5_kt_default          kssl_krb5_kt_default
#define krb5_kt_resolve          kssl_krb5_kt_resolve
/* macros in mit 1.2.2 and earlier; functions in mit 1.2.3 and greater */
/* These two are renamed only when the headers did not already define them as macros. */
#ifndef krb5_kt_close
#define krb5_kt_close            kssl_krb5_kt_close
#endif /* krb5_kt_close */
#ifndef krb5_kt_get_entry
#define krb5_kt_get_entry        kssl_krb5_kt_get_entry
#endif /* krb5_kt_get_entry */
#define krb5_auth_con_init       kssl_krb5_auth_con_init

#define krb5_principal_compare   kssl_krb5_principal_compare
#define krb5_decrypt_tkt_part    kssl_krb5_decrypt_tkt_part
#define krb5_timeofday           kssl_krb5_timeofday
#define krb5_rc_default          kssl_krb5_rc_default

/*
 * The replay-cache names below may arrive as macros from the headers;
 * any macro form is removed first so the kssl_ rename always applies.
 */
#ifdef krb5_rc_initialize
#undef krb5_rc_initialize
#endif
#define krb5_rc_initialize   kssl_krb5_rc_initialize

#ifdef krb5_rc_get_lifespan
#undef krb5_rc_get_lifespan
#endif
#define krb5_rc_get_lifespan kssl_krb5_rc_get_lifespan

#ifdef krb5_rc_destroy
#undef krb5_rc_destroy
#endif
#define krb5_rc_destroy      kssl_krb5_rc_destroy

#define valid_cksumtype      kssl_valid_cksumtype
#define krb5_checksum_size   kssl_krb5_checksum_size
#define krb5_kt_free_entry   kssl_krb5_kt_free_entry
#define krb5_auth_con_setrcache  kssl_krb5_auth_con_setrcache
#define krb5_auth_con_getrcache  kssl_krb5_auth_con_getrcache
#define krb5_get_server_rcache   kssl_krb5_get_server_rcache

/* Prototypes for built in stubs */
/*
 * These declare the kssl_* replacements that the krb5_* rename macros
 * earlier in this file point at.  The stub definitions are not part of
 * this section.
 * NOTE(review): several renamed names (krb5_decrypt_tkt_part,
 * krb5_timeofday, krb5_rc_*, krb5_kt_close, krb5_kt_get_entry) have no
 * prototype in this list -- check that they are declared before use.
 */
void kssl_krb5_free_data_contents(krb5_context, krb5_data *);
void kssl_krb5_free_principal(krb5_context, krb5_principal );
krb5_error_code kssl_krb5_kt_resolve(krb5_context,
                                     krb5_const char *,
                                     krb5_keytab *);
krb5_error_code kssl_krb5_kt_default(krb5_context,
                                     krb5_keytab *);
krb5_error_code kssl_krb5_free_ticket(krb5_context, krb5_ticket *);
krb5_error_code kssl_krb5_rd_req(krb5_context, krb5_auth_context *,
                                 krb5_const krb5_data *,
                                 krb5_const_principal, krb5_keytab,
                                 krb5_flags *,krb5_ticket **);

krb5_boolean kssl_krb5_principal_compare(krb5_context, krb5_const_principal,
                                         krb5_const_principal);
krb5_error_code kssl_krb5_mk_req_extended(krb5_context,
                                          krb5_auth_context  *,
                                          krb5_const krb5_flags,
                                          krb5_data  *,
                                          krb5_creds  *,
                                          krb5_data  * );
krb5_error_code kssl_krb5_init_context(krb5_context *);
void kssl_krb5_free_context(krb5_context);
krb5_error_code kssl_krb5_cc_default(krb5_context,krb5_ccache  *);
krb5_error_code kssl_krb5_sname_to_principal(krb5_context,
                                             krb5_const char  *,
                                             krb5_const char  *,
                                             krb5_int32,
                                             krb5_principal  *);
krb5_error_code kssl_krb5_get_credentials(krb5_context,
                                          krb5_const krb5_flags,
                                          krb5_ccache,
                                          krb5_creds  *,
                                          krb5_creds  *  *);
krb5_error_code kssl_krb5_auth_con_init(krb5_context,
                                        krb5_auth_context  *);
krb5_error_code kssl_krb5_cc_get_principal(krb5_context context,
                                           krb5_ccache cache,
                                           krb5_principal *principal);
krb5_error_code kssl_krb5_auth_con_free(krb5_context,krb5_auth_context);
size_t kssl_krb5_checksum_size(krb5_context context,krb5_cksumtype ctype);
krb5_boolean kssl_valid_cksumtype(krb5_cksumtype ctype);
/*
 * Written with the krb5_ name, unlike its neighbours; the
 * krb5_kt_free_entry -> kssl_krb5_kt_free_entry macro defined earlier in
 * this file rewrites it, so it still declares the kssl_ stub.
 */
krb5_error_code krb5_kt_free_entry(krb5_context,krb5_keytab_entry FAR * );
krb5_error_code kssl_krb5_auth_con_setrcache(krb5_context,
                                             krb5_auth_context,
                                             krb5_rcache);
krb5_error_code kssl_krb5_get_server_rcache(krb5_context,
                                            krb5_const krb5_data *,
                                            krb5_rcache *);
krb5_error_code kssl_krb5_auth_con_getrcache(krb5_context,
                                             krb5_auth_context,
                                             krb5_rcache *);

/* Function pointers (almost all Kerberos functions are _stdcall) */
/*
 * One pointer per Kerberos routine resolved at run time.  All start out
 * NULL; load_krb5_dll() assigns them from GetProcAddress().  A pointer
 * stays NULL when LoadLibrary() fails (load_krb5_dll() returns early) or
 * when GetProcAddress() cannot find the export, so a call through an
 * unchecked pointer would be a NULL dereference.
 * NOTE(review): the stubs that call through these pointers are outside
 * this section -- verify that each one tests its pointer before calling.
 */
static void (_stdcall *p_krb5_free_data_contents)(krb5_context, krb5_data *)
	=NULL;
static void (_stdcall *p_krb5_free_principal)(krb5_context, krb5_principal )
	=NULL;
static krb5_error_code(_stdcall *p_krb5_kt_resolve)
			(krb5_context, krb5_const char *, krb5_keytab *)=NULL;
static krb5_error_code (_stdcall *p_krb5_kt_default)(krb5_context,
                                                     krb5_keytab *)=NULL;
static krb5_error_code (_stdcall *p_krb5_free_ticket)(krb5_context,
                                                      krb5_ticket *)=NULL;
static krb5_error_code (_stdcall *p_krb5_rd_req)(krb5_context,
                                                 krb5_auth_context *,
                                                 krb5_const krb5_data *,
                                                 krb5_const_principal,
                                                 krb5_keytab, krb5_flags *,
                                                 krb5_ticket **)=NULL;
static krb5_error_code (_stdcall *p_krb5_mk_req_extended)
			(krb5_context, krb5_auth_context *,
			 krb5_const krb5_flags, krb5_data *, krb5_creds *,
			 krb5_data * )=NULL;
static krb5_error_code (_stdcall *p_krb5_init_context)(krb5_context *)=NULL;
static void (_stdcall *p_krb5_free_context)(krb5_context)=NULL;
static krb5_error_code (_stdcall *p_krb5_cc_default)(krb5_context,
                                                     krb5_ccache  *)=NULL;
static krb5_error_code (_stdcall *p_krb5_sname_to_principal)
			(krb5_context, krb5_const char *, krb5_const char *,
			 krb5_int32, krb5_principal *)=NULL;
static krb5_error_code (_stdcall *p_krb5_get_credentials)
			(krb5_context, krb5_const krb5_flags, krb5_ccache,
			 krb5_creds *, krb5_creds **)=NULL;
static krb5_error_code (_stdcall *p_krb5_auth_con_init)
			(krb5_context, krb5_auth_context *)=NULL;
static krb5_error_code (_stdcall *p_krb5_cc_get_principal)
			(krb5_context context, krb5_ccache cache,
			 krb5_principal *principal)=NULL;
static krb5_error_code (_stdcall *p_krb5_auth_con_free)
			(krb5_context, krb5_auth_context)=NULL;
static krb5_error_code (_stdcall *p_krb5_decrypt_tkt_part)
                        (krb5_context, krb5_const krb5_keyblock *,
                                           krb5_ticket *)=NULL;
static krb5_error_code (_stdcall *p_krb5_timeofday)
                        (krb5_context context, krb5_int32 *timeret)=NULL;
static krb5_error_code (_stdcall *p_krb5_rc_default)
                        (krb5_context context, krb5_rcache *rc)=NULL;
static krb5_error_code (_stdcall *p_krb5_rc_initialize)
                        (krb5_context context, krb5_rcache rc,
                                     krb5_deltat lifespan)=NULL;
static krb5_error_code (_stdcall *p_krb5_rc_get_lifespan)
                        (krb5_context context, krb5_rcache rc,
                                       krb5_deltat *lifespan)=NULL;
static krb5_error_code (_stdcall *p_krb5_rc_destroy)
                        (krb5_context context, krb5_rcache rc)=NULL;
static krb5_boolean (_stdcall *p_krb5_principal_compare)
                     (krb5_context, krb5_const_principal, krb5_const_principal)=NULL;
static size_t (_stdcall *p_krb5_checksum_size)(krb5_context context,krb5_cksumtype ctype)=NULL;
static krb5_boolean (_stdcall *p_valid_cksumtype)(krb5_cksumtype ctype)=NULL;
static krb5_error_code (_stdcall *p_krb5_kt_free_entry)
                        (krb5_context,krb5_keytab_entry * )=NULL;
static krb5_error_code (_stdcall * p_krb5_auth_con_setrcache)(krb5_context,
                                                               krb5_auth_context,
                                                               krb5_rcache)=NULL;
static krb5_error_code (_stdcall * p_krb5_get_server_rcache)(krb5_context,
                                                              krb5_const krb5_data *,
                                                              krb5_rcache *)=NULL;
/*
 * NOTE(review): this is the only pointer in the list declared without
 * _stdcall.  Confirm that matches how the DLL exports the routine; on
 * 32-bit x86 a calling-convention mismatch unbalances the stack.
 */
static krb5_error_code (* p_krb5_auth_con_getrcache)(krb5_context,
                                                      krb5_auth_context,
                                                      krb5_rcache *)=NULL;
static krb5_error_code (_stdcall * p_krb5_kt_close)(krb5_context context,
                                                    krb5_keytab keytab)=NULL;
static krb5_error_code (_stdcall * p_krb5_kt_get_entry)(krb5_context context,
                                                        krb5_keytab keytab,
                       krb5_const_principal principal, krb5_kvno vno,
                       krb5_enctype enctype, krb5_keytab_entry *entry)=NULL;
/*
 * load_krb5_dll() increments this before it calls LoadLibrary(), so a
 * failed load also counts as an attempt.
 * NOTE(review): plain int with no locking visible in this section --
 * confirm that first use is serialized by the callers.
 */
static int krb5_loaded = 0;     /* only attempt to initialize func ptrs once */

289c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org/* Function to Load the Kerberos 5 DLL and initialize function pointers */
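/*
 * One-shot loader for the Kerberos 5 DLL.
 *
 * Sets krb5_loaded, maps the "KRB5_32" module and stores the address of each
 * krb5 entry point in the matching file-scope p_* function pointer.  A symbol
 * that cannot be resolved leaves its pointer NULL; the stub functions test
 * the pointer before calling through it.  If the module cannot be loaded at
 * all the function returns with every pointer still NULL.
 */
void
load_krb5_dll(void)
	{
	HMODULE hKRB5_32;

	/* Record the attempt first so that a failed load is not retried on
	 * every stub call.  NOTE(review): plain int with no locking - confirm
	 * that first use is serialised by the callers. */
	krb5_loaded++;

	/* NOTE(review): the module is named without a path, so the Windows DLL
	 * search order decides which file is mapped.  The pointers bound below
	 * are what the stubs use to read requests and decrypt tickets, so every
	 * directory searched before the intended install location is part of
	 * the trust boundary.  Prefer a fully-qualified path, or LoadLibraryEx()
	 * with a restricted LOAD_LIBRARY_SEARCH_* flag, once the supported
	 * install location is known. */
	hKRB5_32 = LoadLibrary(TEXT("KRB5_32"));
	if (!hKRB5_32)
		return;

	/* Store through a FARPROC-typed lvalue: a cast expression is not an
	 * lvalue in standard C, so "(FARPROC) p = ..." only builds where the
	 * compiler offers that as an extension. */
#define KSSL_KRB5_BIND(fp, sym) \
	(*(FARPROC *)&(fp) = GetProcAddress(hKRB5_32, (sym)))

	KSSL_KRB5_BIND(p_krb5_free_data_contents, "krb5_free_data_contents");
	KSSL_KRB5_BIND(p_krb5_free_context, "krb5_free_context");
	KSSL_KRB5_BIND(p_krb5_auth_con_free, "krb5_auth_con_free");
	KSSL_KRB5_BIND(p_krb5_free_principal, "krb5_free_principal");
	KSSL_KRB5_BIND(p_krb5_mk_req_extended, "krb5_mk_req_extended");
	KSSL_KRB5_BIND(p_krb5_get_credentials, "krb5_get_credentials");
	KSSL_KRB5_BIND(p_krb5_cc_get_principal, "krb5_cc_get_principal");
	KSSL_KRB5_BIND(p_krb5_cc_default, "krb5_cc_default");
	KSSL_KRB5_BIND(p_krb5_sname_to_principal, "krb5_sname_to_principal");
	KSSL_KRB5_BIND(p_krb5_init_context, "krb5_init_context");
	KSSL_KRB5_BIND(p_krb5_free_ticket, "krb5_free_ticket");
	KSSL_KRB5_BIND(p_krb5_rd_req, "krb5_rd_req");
	KSSL_KRB5_BIND(p_krb5_principal_compare, "krb5_principal_compare");
	KSSL_KRB5_BIND(p_krb5_decrypt_tkt_part, "krb5_decrypt_tkt_part");
	KSSL_KRB5_BIND(p_krb5_timeofday, "krb5_timeofday");
	KSSL_KRB5_BIND(p_krb5_rc_default, "krb5_rc_default");
	KSSL_KRB5_BIND(p_krb5_rc_initialize, "krb5_rc_initialize");
	KSSL_KRB5_BIND(p_krb5_rc_get_lifespan, "krb5_rc_get_lifespan");
	KSSL_KRB5_BIND(p_krb5_rc_destroy, "krb5_rc_destroy");
	KSSL_KRB5_BIND(p_krb5_kt_default, "krb5_kt_default");
	KSSL_KRB5_BIND(p_krb5_kt_resolve, "krb5_kt_resolve");
	KSSL_KRB5_BIND(p_krb5_auth_con_init, "krb5_auth_con_init");
	KSSL_KRB5_BIND(p_valid_cksumtype, "valid_cksumtype");
	KSSL_KRB5_BIND(p_krb5_checksum_size, "krb5_checksum_size");
	KSSL_KRB5_BIND(p_krb5_kt_free_entry, "krb5_kt_free_entry");
	KSSL_KRB5_BIND(p_krb5_auth_con_setrcache, "krb5_auth_con_setrcache");
	KSSL_KRB5_BIND(p_krb5_get_server_rcache, "krb5_get_server_rcache");
	KSSL_KRB5_BIND(p_krb5_auth_con_getrcache, "krb5_auth_con_getrcache");
	KSSL_KRB5_BIND(p_krb5_kt_close, "krb5_kt_close");
	KSSL_KRB5_BIND(p_krb5_kt_get_entry, "krb5_kt_get_entry");

#undef KSSL_KRB5_BIND
	}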
361c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/* Stubs for each function to be dynamically loaded */
/* Forward to krb5_free_data_contents in the loaded Kerberos DLL.
 * Nothing is released when the entry point was not resolved. */
void
kssl_krb5_free_data_contents(krb5_context CO, krb5_data  * data)
	{
	/* First use triggers the one-time load attempt. */
	if (krb5_loaded == 0)
		load_krb5_dll();

	if (p_krb5_free_data_contents == NULL)
		return;

	p_krb5_free_data_contents(CO, data);
	}
372c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/* Forward to krb5_mk_req_extended in the loaded Kerberos DLL.
 * Returns KRB5KRB_ERR_GENERIC when the entry point was not resolved. */
krb5_error_code
kssl_krb5_mk_req_extended (krb5_context CO,
                          krb5_auth_context  * pACO,
                          krb5_const krb5_flags F,
                          krb5_data  * pD1,
                          krb5_creds  * pC,
                          krb5_data  * pD2)
	{
	if (krb5_loaded == 0)
		load_krb5_dll();

	if (p_krb5_mk_req_extended == NULL)
		return KRB5KRB_ERR_GENERIC;

	return p_krb5_mk_req_extended(CO, pACO, F, pD1, pC, pD2);
	}
/* Forward to krb5_auth_con_init in the loaded Kerberos DLL.
 * Returns KRB5KRB_ERR_GENERIC when the entry point was not resolved. */
krb5_error_code
kssl_krb5_auth_con_init(krb5_context CO,
                       krb5_auth_context  * pACO)
	{
	if (krb5_loaded == 0)
		load_krb5_dll();

	if (p_krb5_auth_con_init == NULL)
		return KRB5KRB_ERR_GENERIC;

	return p_krb5_auth_con_init(CO, pACO);
	}
/* Forward to krb5_auth_con_free in the loaded Kerberos DLL.
 * Returns KRB5KRB_ERR_GENERIC (and frees nothing) when the entry point was
 * not resolved. */
krb5_error_code
kssl_krb5_auth_con_free (krb5_context CO,
                        krb5_auth_context ACO)
	{
	if (krb5_loaded == 0)
		load_krb5_dll();

	if (p_krb5_auth_con_free == NULL)
		return KRB5KRB_ERR_GENERIC;

	return p_krb5_auth_con_free(CO, ACO);
	}
/* Forward to krb5_get_credentials in the loaded Kerberos DLL.
 * Returns KRB5KRB_ERR_GENERIC when the entry point was not resolved. */
krb5_error_code
kssl_krb5_get_credentials(krb5_context CO,
                         krb5_const krb5_flags F,
                         krb5_ccache CC,
                         krb5_creds  * pCR,
                         krb5_creds  ** ppCR)
	{
	if (krb5_loaded == 0)
		load_krb5_dll();

	if (p_krb5_get_credentials == NULL)
		return KRB5KRB_ERR_GENERIC;

	return p_krb5_get_credentials(CO, F, CC, pCR, ppCR);
	}
/* Forward to krb5_sname_to_principal in the loaded Kerberos DLL.
 * Returns KRB5KRB_ERR_GENERIC when the entry point was not resolved. */
krb5_error_code
kssl_krb5_sname_to_principal(krb5_context CO,
                            krb5_const char  * pC1,
                            krb5_const char  * pC2,
                            krb5_int32 I,
                            krb5_principal  * pPR)
	{
	if (krb5_loaded == 0)
		load_krb5_dll();

	if (p_krb5_sname_to_principal == NULL)
		return KRB5KRB_ERR_GENERIC;

	return p_krb5_sname_to_principal(CO, pC1, pC2, I, pPR);
	}
443c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/* Forward to krb5_cc_default in the loaded Kerberos DLL.
 * Returns KRB5KRB_ERR_GENERIC when the entry point was not resolved. */
krb5_error_code
kssl_krb5_cc_default(krb5_context CO,
                    krb5_ccache  * pCC)
	{
	if (krb5_loaded == 0)
		load_krb5_dll();

	if (p_krb5_cc_default == NULL)
		return KRB5KRB_ERR_GENERIC;

	return p_krb5_cc_default(CO, pCC);
	}
456c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/* Forward to krb5_init_context in the loaded Kerberos DLL.
 * Returns KRB5KRB_ERR_GENERIC when the entry point was not resolved, which
 * is also what callers see when the DLL itself could not be loaded. */
krb5_error_code
kssl_krb5_init_context(krb5_context * pCO)
	{
	if (krb5_loaded == 0)
		load_krb5_dll();

	if (p_krb5_init_context == NULL)
		return KRB5KRB_ERR_GENERIC;

	return p_krb5_init_context(pCO);
	}
468c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/* Forward to krb5_free_context in the loaded Kerberos DLL.
 * Nothing is released when the entry point was not resolved. */
void
kssl_krb5_free_context(krb5_context CO)
	{
	if (krb5_loaded == 0)
		load_krb5_dll();

	if (p_krb5_free_context == NULL)
		return;

	p_krb5_free_context(CO);
	}
478c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/* Forward to krb5_free_principal in the loaded Kerberos DLL.
 * Nothing is released when the entry point was not resolved. */
void
kssl_krb5_free_principal(krb5_context c, krb5_principal p)
	{
	if (krb5_loaded == 0)
		load_krb5_dll();

	if (p_krb5_free_principal == NULL)
		return;

	p_krb5_free_principal(c, p);
	}
488c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/* Forward to krb5_kt_resolve in the loaded Kerberos DLL.
 * Returns KRB5KRB_ERR_GENERIC when the entry point was not resolved. */
krb5_error_code
kssl_krb5_kt_resolve(krb5_context con,
                    krb5_const char * sz,
                    krb5_keytab * kt)
	{
	if (krb5_loaded == 0)
		load_krb5_dll();

	if (p_krb5_kt_resolve == NULL)
		return KRB5KRB_ERR_GENERIC;

	return p_krb5_kt_resolve(con, sz, kt);
	}
502c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/* Forward to krb5_kt_default in the loaded Kerberos DLL.
 * Returns KRB5KRB_ERR_GENERIC when the entry point was not resolved. */
krb5_error_code
kssl_krb5_kt_default(krb5_context con,
                    krb5_keytab * kt)
	{
	if (krb5_loaded == 0)
		load_krb5_dll();

	if (p_krb5_kt_default == NULL)
		return KRB5KRB_ERR_GENERIC;

	return p_krb5_kt_default(con, kt);
	}
515c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/* Forward to krb5_free_ticket in the loaded Kerberos DLL.
 * Returns KRB5KRB_ERR_GENERIC (and frees nothing) when the entry point was
 * not resolved. */
krb5_error_code
kssl_krb5_free_ticket(krb5_context con,
                     krb5_ticket * kt)
	{
	if (krb5_loaded == 0)
		load_krb5_dll();

	if (p_krb5_free_ticket == NULL)
		return KRB5KRB_ERR_GENERIC;

	return p_krb5_free_ticket(con, kt);
	}
528c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/* Forward to krb5_rd_req in the loaded Kerberos DLL.
 * Returns KRB5KRB_ERR_GENERIC when the entry point was not resolved, so a
 * missing library surfaces to the caller as a failed request read. */
krb5_error_code
kssl_krb5_rd_req(krb5_context con, krb5_auth_context * pacon,
                krb5_const krb5_data * data,
                krb5_const_principal princ, krb5_keytab keytab,
                krb5_flags * flags, krb5_ticket ** pptkt)
	{
	if (krb5_loaded == 0)
		load_krb5_dll();

	if (p_krb5_rd_req == NULL)
		return KRB5KRB_ERR_GENERIC;

	return p_krb5_rd_req(con, pacon, data, princ, keytab, flags, pptkt);
	}
543c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
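/*
 * Compare two principals through krb5_principal_compare in the loaded
 * Kerberos DLL and return the library's answer.
 *
 * When the entry point was not resolved (DLL or symbol missing) the result
 * is 0, i.e. "not equal".  The return type is a truth value, so handing back
 * an error code such as KRB5KRB_ERR_GENERIC would read as a match to callers
 * and let an identity check pass with no Kerberos library present.
 * (Assumes krb5_boolean is an integer truth value and the error code is
 * non-zero, as in the MIT krb5 headers - confirm against the headers in use.)
 */
krb5_boolean
krb5_principal_compare(krb5_context con, krb5_const_principal princ1,
                krb5_const_principal princ2)
	{
	if (!krb5_loaded)
		load_krb5_dll();

	/* Fail closed: no library means no positive comparison result. */
	if (p_krb5_principal_compare == NULL)
		return 0;

	return p_krb5_principal_compare(con, princ1, princ2);
	}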
556c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/* Forward to krb5_decrypt_tkt_part in the loaded Kerberos DLL.
 * Returns KRB5KRB_ERR_GENERIC when the entry point was not resolved. */
krb5_error_code
krb5_decrypt_tkt_part(krb5_context con, krb5_const krb5_keyblock *keys,
                krb5_ticket *ticket)
	{
	if (krb5_loaded == 0)
		load_krb5_dll();

	if (p_krb5_decrypt_tkt_part == NULL)
		return KRB5KRB_ERR_GENERIC;

	return p_krb5_decrypt_tkt_part(con, keys, ticket);
	}
569c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/* Forward to krb5_timeofday in the loaded Kerberos DLL.
 * Returns KRB5KRB_ERR_GENERIC, leaving *timeret untouched, when the entry
 * point was not resolved. */
krb5_error_code
krb5_timeofday(krb5_context con, krb5_int32 *timeret)
	{
	if (krb5_loaded == 0)
		load_krb5_dll();

	if (p_krb5_timeofday == NULL)
		return KRB5KRB_ERR_GENERIC;

	return p_krb5_timeofday(con, timeret);
	}
581c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/* Forward to krb5_rc_default in the loaded Kerberos DLL.
 * Returns KRB5KRB_ERR_GENERIC when the entry point was not resolved. */
krb5_error_code
krb5_rc_default(krb5_context con, krb5_rcache *rc)
	{
	if (krb5_loaded == 0)
		load_krb5_dll();

	if (p_krb5_rc_default == NULL)
		return KRB5KRB_ERR_GENERIC;

	return p_krb5_rc_default(con, rc);
	}
593c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/* Forward to krb5_rc_initialize in the loaded Kerberos DLL.
 * Returns KRB5KRB_ERR_GENERIC when the entry point was not resolved. */
krb5_error_code
krb5_rc_initialize(krb5_context con, krb5_rcache rc, krb5_deltat lifespan)
	{
	if (krb5_loaded == 0)
		load_krb5_dll();

	if (p_krb5_rc_initialize == NULL)
		return KRB5KRB_ERR_GENERIC;

	return p_krb5_rc_initialize(con, rc, lifespan);
	}
605c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/* Forward to krb5_rc_get_lifespan in the loaded Kerberos DLL.
 * Returns KRB5KRB_ERR_GENERIC, leaving *lifespanp untouched, when the entry
 * point was not resolved. */
krb5_error_code
krb5_rc_get_lifespan(krb5_context con, krb5_rcache rc, krb5_deltat *lifespanp)
	{
	if (krb5_loaded == 0)
		load_krb5_dll();

	if (p_krb5_rc_get_lifespan == NULL)
		return KRB5KRB_ERR_GENERIC;

	return p_krb5_rc_get_lifespan(con, rc, lifespanp);
	}
617c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/* Forward to krb5_rc_destroy in the loaded Kerberos DLL.
 * Returns KRB5KRB_ERR_GENERIC when the entry point was not resolved. */
krb5_error_code
krb5_rc_destroy(krb5_context con, krb5_rcache rc)
	{
	if (krb5_loaded == 0)
		load_krb5_dll();

	if (p_krb5_rc_destroy == NULL)
		return KRB5KRB_ERR_GENERIC;

	return p_krb5_rc_destroy(con, rc);
	}
629c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/*
 * Forward to krb5_checksum_size in the loaded Kerberos DLL.
 *
 * NOTE(review): when the entry point was not resolved, the krb5 error code
 * KRB5KRB_ERR_GENERIC is returned through size_t, so the caller receives it
 * as if it were a length.  Confirm no caller sizes or bounds a buffer from
 * this path without first checking that the library loaded.
 */
size_t
krb5_checksum_size(krb5_context context,krb5_cksumtype ctype)
	{
	if (krb5_loaded == 0)
		load_krb5_dll();

	if (p_krb5_checksum_size == NULL)
		return KRB5KRB_ERR_GENERIC;

	return p_krb5_checksum_size(context, ctype);
	}
641c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
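/*
 * Ask the loaded Kerberos DLL (valid_cksumtype) whether `ctype` is a known
 * checksum type and return its answer.
 *
 * When the entry point was not resolved the result is 0, i.e. "not valid".
 * The return type is a truth value, so an error code such as
 * KRB5KRB_ERR_GENERIC would make every checksum type look valid whenever the
 * library is absent.  (Assumes krb5_boolean is an integer truth value and
 * the error code is non-zero, as in the MIT krb5 headers - confirm against
 * the headers in use.)
 */
krb5_boolean
valid_cksumtype(krb5_cksumtype ctype)
	{
	if (!krb5_loaded)
		load_krb5_dll();

	/* Fail closed: without the library no checksum type is accepted. */
	if (p_valid_cksumtype == NULL)
		return 0;

	return p_valid_cksumtype(ctype);
	}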
653c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/* Forward to krb5_kt_free_entry in the loaded Kerberos DLL.
 * Returns KRB5KRB_ERR_GENERIC (and frees nothing) when the entry point was
 * not resolved. */
krb5_error_code
krb5_kt_free_entry(krb5_context con,krb5_keytab_entry * entry)
	{
	if (krb5_loaded == 0)
		load_krb5_dll();

	if (p_krb5_kt_free_entry == NULL)
		return KRB5KRB_ERR_GENERIC;

	return p_krb5_kt_free_entry(con, entry);
	}
665c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
666c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org/* Structure definitions  */
667c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org#ifndef NO_DEF_KRB5_CCACHE
#ifndef krb5_x
/* Call through the function pointer `ptr` with the parenthesised argument
 * list `args`.  A NULL pointer is never dereferenced: the process is
 * aborted instead.  The value after abort() in the comma expression only
 * gives that branch a type (int for krb5_x, char * for krb5_xc). */
#define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1))
#define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0))
#endif
672c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
typedef	krb5_pointer	krb5_cc_cursor;	/* cursor for sequential lookup */

/* Local definition of the krb5_ccache handle, compiled only when
 * NO_DEF_KRB5_CCACHE is not defined.  krb5_ccache is a pointer to this
 * structure. */
typedef struct _krb5_ccache
	{
	krb5_magic magic;
	struct _krb5_cc_ops FAR *ops;	/* table of operations for this cache */
	krb5_pointer data;		/* opaque here; never dereferenced in this definition */
	} *krb5_ccache;
681c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/* Table of function pointers for one credential-cache implementation.
 * Every entry takes a krb5_context first; all but get_name return a
 * krb5_error_code.  In this file only get_princ is called, through the
 * krb5_x() macro.
 * NOTE(review): member order decides which slot a call lands in, so this
 * copy presumably has to stay in step with the Kerberos library in use --
 * confirm before changing it.
 */
typedef struct _krb5_cc_ops
	{
	krb5_magic magic;
	char  *prefix;
	char  * (KRB5_CALLCONV *get_name)
		(krb5_context, krb5_ccache);
	krb5_error_code (KRB5_CALLCONV *resolve)
		(krb5_context, krb5_ccache  *, const char  *);
	krb5_error_code (KRB5_CALLCONV *gen_new)
		(krb5_context, krb5_ccache  *);
	krb5_error_code (KRB5_CALLCONV *init)
		(krb5_context, krb5_ccache, krb5_principal);
	krb5_error_code (KRB5_CALLCONV *destroy)
		(krb5_context, krb5_ccache);
	krb5_error_code (KRB5_CALLCONV *close)
		(krb5_context, krb5_ccache);
	krb5_error_code (KRB5_CALLCONV *store)
		(krb5_context, krb5_ccache, krb5_creds  *);
	krb5_error_code (KRB5_CALLCONV *retrieve)
		(krb5_context, krb5_ccache,
		krb5_flags, krb5_creds  *, krb5_creds  *);
	/* used by kssl_krb5_cc_get_principal() when no direct entry point is set */
	krb5_error_code (KRB5_CALLCONV *get_princ)
		(krb5_context, krb5_ccache, krb5_principal  *);
	krb5_error_code (KRB5_CALLCONV *get_first)
		(krb5_context, krb5_ccache, krb5_cc_cursor  *);
	krb5_error_code (KRB5_CALLCONV *get_next)
		(krb5_context, krb5_ccache,
		krb5_cc_cursor  *, krb5_creds  *);
	krb5_error_code (KRB5_CALLCONV *end_get)
		(krb5_context, krb5_ccache, krb5_cc_cursor  *);
	krb5_error_code (KRB5_CALLCONV *remove_cred)
		(krb5_context, krb5_ccache,
		krb5_flags, krb5_creds  *);
	krb5_error_code (KRB5_CALLCONV *set_flags)
		(krb5_context, krb5_ccache, krb5_flags);
	} krb5_cc_ops;
718c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org#endif /* NO_DEF_KRB5_CCACHE */
719c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/* Fetch the principal of a credential cache.
 * Calls through p_krb5_cc_get_principal when that pointer is set.  When it
 * is not, the cache's own ops->get_princ entry is used via krb5_x(); with
 * the krb5_x definition in this file a NULL get_princ aborts the process.
 * On that fallback path cache and cache->ops are dereferenced without a
 * NULL check, so the caller has to pass a valid cache.
 * Returns the krb5_error_code of whichever implementation ran.
 */
krb5_error_code
kssl_krb5_cc_get_principal
    (krb5_context context, krb5_ccache cache,
      krb5_principal *principal)
	{
	if (!p_krb5_cc_get_principal)
		{
		/* no direct entry point: go through the ccache ops table */
		return krb5_x((cache)->ops->get_princ,
			(context, cache, principal));
		}

	return p_krb5_cc_get_principal(context, cache, principal);
	}
731c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/* Attach a replay cache to an auth context.
 * Forwards to p_krb5_auth_con_setrcache when that pointer is set and hands
 * back its result; returns KRB5KRB_ERR_GENERIC when it is not set.
 * A non-zero return means no replay cache was attached by this call, so
 * callers should not ignore it.
 */
krb5_error_code
kssl_krb5_auth_con_setrcache(krb5_context con, krb5_auth_context acon,
                             krb5_rcache rcache)
	{
	if (!p_krb5_auth_con_setrcache)
		return KRB5KRB_ERR_GENERIC;

	return p_krb5_auth_con_setrcache(con, acon, rcache);
	}
741c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/* Obtain the server replay cache named by data, storing it in *rcache.
 * Forwards to p_krb5_get_server_rcache when that pointer is set and hands
 * back its result; returns KRB5KRB_ERR_GENERIC when it is not set, in which
 * case *rcache is left untouched by this wrapper.
 */
krb5_error_code
kssl_krb5_get_server_rcache(krb5_context con, krb5_const krb5_data * data,
                            krb5_rcache * rcache)
	{
	if (!p_krb5_get_server_rcache)
		return KRB5KRB_ERR_GENERIC;

	return p_krb5_get_server_rcache(con, data, rcache);
	}
751c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/* Read the replay cache of an auth context into *prcache.
 * Forwards to p_krb5_auth_con_getrcache when that pointer is set and hands
 * back its result; returns KRB5KRB_ERR_GENERIC when it is not set, in which
 * case *prcache is left untouched by this wrapper.
 */
krb5_error_code
kssl_krb5_auth_con_getrcache(krb5_context con, krb5_auth_context acon,
                             krb5_rcache * prcache)
	{
	if (!p_krb5_auth_con_getrcache)
		return KRB5KRB_ERR_GENERIC;

	return p_krb5_auth_con_getrcache(con, acon, prcache);
	}
761c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/* Close a keytab.
 * Forwards to p_krb5_kt_close when that pointer is set and hands back its
 * result; returns KRB5KRB_ERR_GENERIC when it is not set, in which case the
 * keytab has not been closed by this call.
 */
krb5_error_code
kssl_krb5_kt_close(krb5_context context, krb5_keytab keytab)
	{
	if (!p_krb5_kt_close)
		return KRB5KRB_ERR_GENERIC;

	return p_krb5_kt_close(context, keytab);
	}
770c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/* Look up a keytab entry for principal / vno / enctype and store it in
 * *entry.
 * Forwards to p_krb5_kt_get_entry when that pointer is set and hands back
 * its result; returns KRB5KRB_ERR_GENERIC when it is not set, in which case
 * *entry is left untouched by this wrapper and must not be used as a key.
 */
krb5_error_code
kssl_krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,
                       krb5_const_principal principal, krb5_kvno vno,
                       krb5_enctype enctype, krb5_keytab_entry *entry)
	{
	if (!p_krb5_kt_get_entry)
		return KRB5KRB_ERR_GENERIC;

	return p_krb5_kt_get_entry(context, keytab, principal, vno,
		enctype, entry);
	}
781c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org#endif  /* OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32 */
782c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
783c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
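/* memory allocation functions for non-temporary storage
 * (e.g. stuff that gets saved into the kssl context) */

/* Allocate a zero-filled block for nmemb elements of size bytes each,
 * using OPENSSL_malloc().
 * Returns NULL when the allocation fails or when nmemb * size does not fit
 * in a size_t.  Without that check a wrapped product would yield a block
 * smaller than the caller expects, and later writes would run past it.
 * Release the result with kssl_free().
 */
static void* kssl_calloc(size_t nmemb, size_t size)
{
	size_t total = nmemb * size;
	void *p;

	/* unsigned multiplication wraps silently: detect it by dividing back */
	if (size != 0 && total / size != nmemb)
		return NULL;

	p = OPENSSL_malloc(total);
	if (p != NULL)
		memset(p, 0, total);
	return p;
}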
796c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
797c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org#define kssl_malloc(size) OPENSSL_malloc((size))
798c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org#define kssl_realloc(ptr, size) OPENSSL_realloc(ptr, size)
799c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org#define kssl_free(ptr) OPENSSL_free((ptr))
800c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
801c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/* Return string itself, or the text "[NULL]" when string is NULL.
 * The "[NULL]" result is a string literal: it must not be modified or freed.
 */
char
*kstring(char *string)
	{
	if (string != NULL)
		return string;

	return "[NULL]";
	}
809c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/*	Given KRB5 enctype (basically DES or 3DES),
**	return closest match openssl EVP_ encryption algorithm.
**	Return NULL for unknown or problematic (krb5_dk_encrypt) enctypes.
**	Assume ENCTYPE_*_RAW (krb5_raw_encrypt) are OK.
**
**	Callers must check for NULL before using the result.
**	Every single-DES enctype maps to DES in CBC mode; single DES is
**	deprecated for Kerberos by RFC 6649, so deployments that can refuse
**	those enctypes should do so before this mapping is reached.
*/
const EVP_CIPHER *
kssl_map_enc(krb5_enctype enctype)
	{
	const EVP_CIPHER *cipher = NULL;	/* stays NULL for anything unlisted */

	switch (enctype)
		{
	/* single DES, CBC mode */
	case ENCTYPE_DES_HMAC_SHA1:
	case ENCTYPE_DES_CBC_CRC:
	case ENCTYPE_DES_CBC_MD4:
	case ENCTYPE_DES_CBC_MD5:
	case ENCTYPE_DES_CBC_RAW:
		cipher = EVP_des_cbc();
		break;

	/* triple DES (EDE, three keys), CBC mode */
	case ENCTYPE_DES3_CBC_SHA1:
	case ENCTYPE_DES3_CBC_SHA:
	case ENCTYPE_DES3_CBC_RAW:
		cipher = EVP_des_ede3_cbc();
		break;

	default:
		break;
		}

	return cipher;
	}
836c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
837c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/*	Return true:1 if p "looks like" the start of the real authenticator
**	described in kssl_skip_confound() below.  The ASN.1 pattern is
**	"62 xx 30 yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and
**	xx and yy are possibly multi-byte length fields.
**
**	Length octets 0x80 (indefinite form) and anything above 0x82 are
**	rejected, so each length is at most two bytes long.
**	There is no length argument: up to 8 bytes starting at p are read,
**	and the caller has to guarantee that they are readable.
*/
static int 	kssl_test_confound(unsigned char *p)
	{
	int		seq_hdr = 2;	/* 0x30 tag plus its first length octet */
	int		outer = 0;	/* "xx": length after the 0x62 tag */
	int		inner = 0;	/* "yy": length after the 0x30 tag */
	unsigned char	form;

	if (*p != 0x62)
		return 0;
	p++;

	form = *p;
	if (form > 0x82 || form == 0x80)
		return 0;
	if (form == 0x82)
		{
		outer = (p[1] << 8) + p[2];
		p += 3;
		}
	else if (form == 0x81)
		{
		outer = p[1];
		p += 2;
		}
	else
		{
		outer = form;		/* short form: the octet is the length */
		p += 1;
		}

	if (*p != 0x30)
		return 0;
	p++;

	form = *p;
	if (form > 0x82 || form == 0x80)
		return 0;
	if (form == 0x82)
		{
		inner = (p[1] << 8) + p[2];
		seq_hdr += 2;
		}
	else if (form == 0x81)
		{
		inner = p[1];
		seq_hdr += 1;
		}
	else
		{
		inner = form;
		}

	/* the outer length must cover exactly the inner header plus its body */
	return (outer - seq_hdr == inner);
	}
867c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
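/*	Allocate, fill, and return cksumlens array of checksum lengths.
**	This array holds just the unique elements from the krb5_cksumarray[].
**	array[n] == 0 signals end of data.
**
**      The krb5_cksumarray[] was an internal variable that has since been
**      replaced by a more general method for storing the data.  It should
**      not be used.  Instead we use real API calls and make a guess for
**      what the highest assigned CKSUMTYPE_ constant is.  As of 1.2.2
**      it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3).  So we will use 0x0010.
**
**	The array is allocated once, kept in a function-local static and
**	never freed here.  Without KRB5CHECKAUTH nothing is allocated and
**	the function returns NULL.
**	The buffer is sized in size_t elements.  It used to be sized with
**	sizeof(int), which is too small wherever size_t is wider than int,
**	so filling the array could write past the end of the allocation.
**	NOTE(review): no locking is visible here; confirm that first use
**	cannot happen on two threads at once.
*/
static size_t  *populate_cksumlens(void)
	{
	static size_t 	*cklens = NULL;
	int 		n;
#ifdef KRB5CHECKAUTH
	int 		i, j;
	size_t		len;
#endif

#ifdef KRB5_MIT_OLD11
	n = krb5_max_cksum;
#else
	n = 0x0010;
#endif	/* KRB5_MIT_OLD11 */

#ifdef KRB5CHECKAUTH
	/* n+1 elements: at most n unique lengths plus the 0 terminator */
	if (!cklens && !(cklens = calloc((size_t)(n + 1), sizeof *cklens)))
		return NULL;

	for (i=0; i < n; i++)  {
		if (!valid_cksumtype(i))  continue;	/*  array has holes  */
		len = krb5_checksum_size(NULL,i);
		for (j=0; j < n; j++)  {
			if (cklens[j] == 0)  {
				cklens[j] = len;
				break;		/*  krb5 elem was new: add   */
				}
			if (cklens[j] == len)  {
				break;		/*  ignore duplicate elements */
				}
			}
		}
#endif	/* KRB5CHECKAUTH */

	return cklens;
	}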
908c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/*	Return pointer to start of real authenticator within authenticator, or
**	return NULL on error.
**	Decrypted authenticator looks like this:
**		[0 or 8 byte confounder] [4-24 byte checksum] [real authent'r]
**	This hackery wouldn't be necessary if MIT KRB5 1.0.6 had the
**	krb5_auth_con_getcksumtype() function advertised in its krb5.h.
**
**	The confounder is taken as 8 bytes when etype is non-zero, else 0.
**	Each checksum length from populate_cksumlens() is tried in turn and
**	the first offset accepted by kssl_test_confound() is returned.
**	There is no length argument for a: every candidate offset is read
**	as-is, so the caller has to guarantee that the buffer extends far
**	enough past the largest offset tried.
**	NULL is also returned when populate_cksumlens() returns NULL.
*/
unsigned char	*kssl_skip_confound(krb5_enctype etype, unsigned char *a)
	{
	static size_t 	*cksumlens = NULL;	/* cached across calls */
	size_t		*lenp;
	int 		conlen = (etype)? 8: 0;

	if (cksumlens == NULL)
		{
		cksumlens = populate_cksumlens();
		if (cksumlens == NULL)
			return NULL;
		}

	/* the list ends at the first zero length */
	for (lenp = cksumlens; *lenp != 0; lenp++)
		{
		unsigned char	*candidate = a + conlen + *lenp;

		if (kssl_test_confound(candidate))
			return candidate;
		}

	return NULL;
	}
934c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
935c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/*	Set kssl_err error info when reason text is a simple string
**		kssl_err = struct { int reason; char text[KSSL_ERR_MAX+1]; }
**
**	Does nothing when kssl_err is NULL.  text is copied through a "%s"
**	conversion, so it is never interpreted as a format string, and the
**	copy is bounded by KSSL_ERR_MAX.
*/
void
kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text)
	{
	if (kssl_err != NULL)
		{
		kssl_err->reason = reason;
		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, "%s", text);
		}
	}
948c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
949c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/*	Display contents of krb5_data struct, for debugging
**
**	Writes the label, the length and every byte in hex to stdout.
**	kdata is dereferenced without a NULL check.
**	NOTE(review): the whole buffer goes to stdout, so what ends up in
**	logs depends on what callers pass in -- check the call sites.
*/
void
print_krb5_data(char *label, krb5_data *kdata)
	{
	const int	show_text = 0;	/* constant 0: always print hex */
	int		idx;

	printf("%s[%d] ", label, kdata->length);
	for (idx = 0; idx < (int)kdata->length; idx++)
		{
		if (show_text && isprint((int) kdata->data[idx]))
			{
			printf(	"%c ",  kdata->data[idx]);
			continue;
			}
		printf(	"%02x ", (unsigned char) kdata->data[idx]);
		}
	printf("\n");
	}
967c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
968c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/*	Display contents of krb5_authdata struct, for debugging
**
**	As compiled, only the label and the address of adata are printed
**	(or a "authdata==0" line for NULL); the content dump is inside
**	#if 0 and is not built.
*/
void
print_krb5_authdata(char *label, krb5_authdata **adata)
	{
	if (adata != NULL)
		{
		printf("%s [%p]\n", label, (void *)adata);
#if 0
	{
        int 	i;
	printf("%s[at%d:%d] ", label, adata->ad_type, adata->length);
	for (i=0; i < adata->length; i++)
                {
                printf((isprint(adata->contents[i]))? "%c ": "%02x",
                        adata->contents[i]);
		}
	printf("\n");
	}
#endif
		}
	else
		{
		printf("%s, authdata==0\n", label);
		}
	}
993c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
994c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
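/*	Display contents of krb5_keyblock struct, for debugging
**
**	Prints the label, the key/enc type, the length and then every key
**	byte in hex to stdout; a NULL keyblk prints a "keyblk==0" line.
**	This writes raw key material, so calls belong in debug builds only
**	and the output must not reach shared logs.
**	NOTE(review): the KRB5_HEIMDAL branch keeps the original member
**	access (keyvalue->length, keyvalue->contents); confirm it against
**	the Heimdal headers in use.
*/
void
print_krb5_keyblock(char *label, krb5_keyblock *keyblk)
	{
	int i;

	if (keyblk == NULL)
                {
		printf("%s, keyblk==0\n", label);
		return;
		}
#ifdef KRB5_HEIMDAL
	printf("%s\n\t[et%d:%d]: ", label, keyblk->keytype,
					   keyblk->keyvalue->length);
	for (i=0; i < (int)keyblk->keyvalue->length; i++)
                {
		/* cast the buffer first, then index it: the old form cast
		 * the indexed element to a pointer and passed that to %02x */
		printf("%02x",
			((unsigned char *)keyblk->keyvalue->contents)[i]);
		}
	printf("\n");
#else
	printf("%s\n\t[et%d:%d]: ", label, keyblk->enctype, keyblk->length);
	for (i=0; i < (int)keyblk->length; i++)
                {
		printf("%02x",keyblk->contents[i]);
		}
	printf("\n");
#endif
        }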
1024c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1025c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/*	Display contents of krb5_principal_data struct, for debugging
**	(krb5_principal is typedef'd == krb5_principal_data *)
**
**	The label and "principal Realm: " are printed before the NULL check,
**	so a NULL princ leaves that line without a newline.
**	Realm and name bytes are written with putchar() exactly as stored;
**	control characters are not escaped.
*/
static void
print_krb5_princ(char *label, krb5_principal_data *princ)
	{
	int comp, pos;

	printf("%s principal Realm: ", label);
	if (princ != NULL)
		{
		for (pos = 0; pos < (int)princ->realm.length; pos++)
			putchar(princ->realm.data[pos]);
		printf(" (nametype %d) has %d strings:\n", princ->type,princ->length);

		/* one output line per name component */
		for (comp = 0; comp < (int)princ->length; comp++)
			{
			printf("\t%d [%d]: ", comp, princ->data[comp].length);
			pos = 0;
			while (pos < (int)princ->data[comp].length)
				{
				putchar(princ->data[comp].data[pos]);
				pos++;
				}
			printf("\n");
			}
		}
	}
1048c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1049c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1050c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org/*	Given krb5 service (typically "kssl") and hostname in kssl_ctx,
1051c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org**	Return encrypted Kerberos ticket for service @ hostname.
1052c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org**	If authenp is non-NULL, also return encrypted authenticator,
1053c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org**	whose data should be freed by caller.
1054c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org**	(Originally was: Create Kerberos AP_REQ message for SSL Client.)
1055c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org**
1056c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org**	19990628	VRS 	Started; Returns Kerberos AP_REQ message.
1057c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org**	20010409	VRS 	Modified for RFC2712; Returns enc tkt.
1058c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org**	20010606	VRS 	May also return optional authenticator.
1059c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org*/
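/*	Client side: look up a service ticket for kssl_ctx's service @ host in
**	the default credential cache, optionally extract an authenticator, and
**	store the session key in kssl_ctx.
**
**	kssl_ctx    - must be non-NULL with service_host set; enctype and the
**	              session key are written into it.
**	enc_ticketp - on success points at the ticket member inside the
**	              credentials returned by krb5_get_credentials().
**	              NOTE(review): nothing in this function releases
**	              krb5credsp, and enc_ticketp is dereferenced without a
**	              NULL check -- confirm who owns and frees the credentials.
**	authenp     - optional.  When non-NULL, length is reset to 0; if an
**	              authenticator can be re-encoded, data is malloc()ed
**	              (caller frees) and length is set to the encoded size.
**	              length is left at 0 whenever data could not be produced.
**	kssl_err    - receives a reason code and text on failure.
**
**	Returns 0 on success, otherwise a krb5 error code
**	(KRB5KRB_ERR_GENERIC for failures detected locally).
*/
krb5_error_code
kssl_cget_tkt(	/* UPDATE */	KSSL_CTX *kssl_ctx,
                /* OUT    */	krb5_data **enc_ticketp,
                /* UPDATE */	krb5_data *authenp,
                /* OUT    */	KSSL_ERR *kssl_err)
	{
	krb5_error_code		krb5rc = KRB5KRB_ERR_GENERIC;
	krb5_context		krb5context = NULL;
	krb5_auth_context	krb5auth_context = NULL;
	krb5_ccache 		krb5ccdef = NULL;
	krb5_creds		krb5creds, *krb5credsp = NULL;
	krb5_data		krb5_app_req;

	kssl_err_set(kssl_err, 0, "");
	/* Zeroed so the cleanup at err: can test client/server safely. */
	memset(&krb5creds, 0, sizeof(krb5creds));

	if (!kssl_ctx)
		{
		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
			"No kssl_ctx defined.\n");
		goto err;
		}
	else if (!kssl_ctx->service_host)
		{
		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
			"kssl_ctx service_host undefined.\n");
		goto err;
		}

	if ((krb5rc = krb5_init_context(&krb5context)) != 0)
		{
		BIO_snprintf(kssl_err->text,KSSL_ERR_MAX,
			"krb5_init_context() fails: %d\n", krb5rc);
		kssl_err->reason = SSL_R_KRB5_C_INIT;
		goto err;
		}

	/* Target principal: service_name (or KRB5SVC) @ service_host. */
	if ((krb5rc = krb5_sname_to_principal(krb5context,
		kssl_ctx->service_host,
		(kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC,
		KRB5_NT_SRV_HST, &krb5creds.server)) != 0)
		{
		BIO_snprintf(kssl_err->text,KSSL_ERR_MAX,
			"krb5_sname_to_principal() fails for %s/%s\n",
			kssl_ctx->service_host,
			(kssl_ctx->service_name)? kssl_ctx->service_name:
						  KRB5SVC);
		kssl_err->reason = SSL_R_KRB5_C_INIT;
		goto err;
		}

	if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0)
		{
		kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,
			"krb5_cc_default fails.\n");
		goto err;
		}

	if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,
		&krb5creds.client)) != 0)
		{
		kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,
			"krb5_cc_get_principal() fails.\n");
		goto err;
		}

	if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef,
		&krb5creds, &krb5credsp)) != 0)
		{
		kssl_err_set(kssl_err, SSL_R_KRB5_C_GET_CRED,
			"krb5_get_credentials() fails.\n");
		goto err;
		}

	*enc_ticketp = &krb5credsp->ticket;
#ifdef KRB5_HEIMDAL
	kssl_ctx->enctype = krb5credsp->session.keytype;
#else
	kssl_ctx->enctype = krb5credsp->keyblock.enctype;
#endif

	krb5rc = KRB5KRB_ERR_GENERIC;
	/*	caller should free data of krb5_app_req  */
	/*  20010406 VRS deleted for real KerberosWrapper
	**  20010605 VRS reinstated to offer Authenticator to KerberosWrapper
	*/
	krb5_app_req.length = 0;
	if (authenp)
		{
		krb5_data		krb5in_data;
		const unsigned char	*p;
		long			arlen;
		int			enc_len;
		KRB5_APREQBODY		*ap_req;

		authenp->length = 0;
		krb5in_data.data = NULL;
		krb5in_data.length = 0;
		if ((krb5rc = krb5_mk_req_extended(krb5context,
			&krb5auth_context, 0, &krb5in_data, krb5credsp,
			&krb5_app_req)) != 0)
			{
			kssl_err_set(kssl_err, SSL_R_KRB5_C_MK_REQ,
				"krb5_mk_req_extended() fails.\n");
			goto err;
			}

		/* Re-parse the AP_REQ only to lift out its authenticator.
		** A parse or encode failure is not treated as fatal: the
		** authenticator is optional and length simply stays 0.
		*/
		arlen = krb5_app_req.length;
		p = (unsigned char *)krb5_app_req.data;
		ap_req = (KRB5_APREQBODY *) d2i_KRB5_APREQ(NULL, &p, arlen);
		if (ap_req)
			{
			/* i2d_*() returns an int that may be <= 0 on error.
			** Keep it in a signed local so a failure is never
			** stored in authenp->length, and so length is only
			** set once data really holds that many bytes.
			*/
			enc_len = i2d_KRB5_ENCDATA(ap_req->authenticator, NULL);
			if (enc_len > 0  &&
				(authenp->data = malloc((size_t)enc_len)) != NULL)
				{
				unsigned char	*adp = (unsigned char *)authenp->data;

				enc_len = i2d_KRB5_ENCDATA(
						ap_req->authenticator, &adp);
				if (enc_len > 0)
					authenp->length = enc_len;
				else
					{
					free(authenp->data);
					authenp->data = NULL;
					}
				}
			KRB5_APREQ_free((KRB5_APREQ *) ap_req);
			}

		if (krb5_app_req.length)
			kssl_krb5_free_data_contents(krb5context,&krb5_app_req);
		}

#ifdef KRB5_HEIMDAL
	if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->session))
#else
	if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->keyblock))
#endif
		{
		kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT,
			"kssl_ctx_setkey() fails.\n");
		/* krb5rc was overwritten with 0 by a successful
		** krb5_mk_req_extended() above; restore the failure code so
		** the caller never sees success without a session key.
		*/
		krb5rc = KRB5KRB_ERR_GENERIC;
		}
	else	krb5rc = 0;

 err:
#ifdef KSSL_DEBUG
	kssl_ctx_show(kssl_ctx);
#endif	/* KSSL_DEBUG */

	if (krb5creds.client)	krb5_free_principal(krb5context,
							krb5creds.client);
	if (krb5creds.server)	krb5_free_principal(krb5context,
							krb5creds.server);
	if (krb5auth_context)	krb5_auth_con_free(krb5context,
							krb5auth_context);
	if (krb5context)	krb5_free_context(krb5context);
	return (krb5rc);
	}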
1215c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1216c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1217c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org/*  Given d2i_-decoded asn1ticket, allocate and return a new krb5_ticket.
1218c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org**  Return Kerberos error code and kssl_err struct on error.
1219c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org**  Allocates krb5_ticket and krb5_principal; caller should free these.
1220c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org**
1221c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org**	20010410	VRS	Implemented krb5_decode_ticket() as
1222c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org**				old_krb5_decode_ticket(). Missing from MIT1.0.6.
1223c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org**	20010615	VRS 	Re-cast as openssl/asn1 d2i_*() functions.
1224c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org**				Re-used some of the old krb5_decode_ticket()
1225c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org**				code here.  This tkt should alloc/free just
1226c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org**				like the real thing.
1227c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org*/
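/*	Convert a d2i_-decoded ticket into a newly allocated krb5_ticket.
**
**	krb5context - passed through to the principal helpers.
**	asn1ticket  - decoded ticket; per the file's header comment it comes
**	              from a d2i_*() decoder, so every member read below is
**	              checked for NULL before use.
**	krb5ticket  - set to NULL on entry and to the new ticket on success.
**	              The ticket and its server principal are allocated here;
**	              the caller frees them.
**	kssl_err    - receives a reason code and text on failure.
**
**	Returns 0 on success, ENOMEM if the ticket cannot be allocated, the
**	kssl_build_principal_2() error if the principal cannot be built, and
**	KRB5KRB_ERR_GENERIC otherwise.
*/
static krb5_error_code
kssl_TKT2tkt(	/* IN     */	krb5_context	krb5context,
		/* IN     */	KRB5_TKTBODY	*asn1ticket,
		/* OUT    */	krb5_ticket	**krb5ticket,
		/* OUT    */	KSSL_ERR *kssl_err  )
	{
	krb5_error_code			krb5rc = KRB5KRB_ERR_GENERIC;
	krb5_ticket 			*new5ticket = NULL;
	ASN1_GENERALSTRING		*gstr_svc = NULL, *gstr_host = NULL;
	int				fields_ok;

	*krb5ticket = NULL;

	/* Validate every pointer that is dereferenced further down.  The
	** original check stopped at sname, so a ticket decoded without
	** nametype, encdata, etype, kvno or cipher was dereferenced as NULL.
	*/
	fields_ok = asn1ticket != NULL  &&  asn1ticket->realm != NULL  &&
		asn1ticket->sname != NULL  &&
		asn1ticket->sname->nametype != NULL  &&
		asn1ticket->sname->nametype->data != NULL  &&
		sk_ASN1_GENERALSTRING_num(asn1ticket->sname->namestring) >= 2  &&
		asn1ticket->encdata != NULL  &&
		asn1ticket->encdata->etype != NULL  &&
		asn1ticket->encdata->etype->data != NULL  &&
		asn1ticket->encdata->kvno != NULL  &&
		asn1ticket->encdata->kvno->data != NULL  &&
		asn1ticket->encdata->cipher != NULL  &&
		asn1ticket->encdata->cipher->data != NULL;

	if (fields_ok)
		{
		gstr_svc  = sk_ASN1_GENERALSTRING_value(
				asn1ticket->sname->namestring, 0);
		gstr_host = sk_ASN1_GENERALSTRING_value(
				asn1ticket->sname->namestring, 1);
		fields_ok = gstr_svc != NULL  &&  gstr_host != NULL;
		}

	if (!fields_ok)
		{
		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
			"Null field in asn1ticket.\n");
		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
		return KRB5KRB_ERR_GENERIC;
		}

	if ((new5ticket = calloc(1, sizeof(*new5ticket))) == NULL)
		{
		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
			"Unable to allocate new krb5_ticket.\n");
		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
		return ENOMEM;		/*  or  KRB5KRB_ERR_GENERIC;	*/
		}

	if ((krb5rc = kssl_build_principal_2(krb5context,
			&new5ticket->server,
			asn1ticket->realm->length, (char *)asn1ticket->realm->data,
			gstr_svc->length,  (char *)gstr_svc->data,
			gstr_host->length, (char *)gstr_host->data)) != 0)
		{
		free(new5ticket);
		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
			"Error building ticket server principal.\n");
		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
		return krb5rc;		/*  or  KRB5KRB_ERR_GENERIC;	*/
		}

	/* NOTE(review): only the first content byte of each ASN1 INTEGER is
	** used, so a nametype, etype or kvno that does not fit in one byte
	** would be misread -- confirm whether ASN1_INTEGER_get() is wanted.
	*/
	krb5_princ_type(krb5context, new5ticket->server) =
			asn1ticket->sname->nametype->data[0];
	new5ticket->enc_part.enctype = asn1ticket->encdata->etype->data[0];
	new5ticket->enc_part.kvno = asn1ticket->encdata->kvno->data[0];
	new5ticket->enc_part.ciphertext.length =
			asn1ticket->encdata->cipher->length;
	if ((new5ticket->enc_part.ciphertext.data =
		calloc(1, asn1ticket->encdata->cipher->length)) == NULL)
		{
		/* The principal built above belongs to the ticket; release
		** it as well so this error path does not leak it.
		*/
		krb5_free_principal(krb5context, new5ticket->server);
		free(new5ticket);
		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
			"Error allocating cipher in krb5ticket.\n");
		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
		return KRB5KRB_ERR_GENERIC;
		}

	memcpy(new5ticket->enc_part.ciphertext.data,
		asn1ticket->encdata->cipher->data,
		asn1ticket->encdata->cipher->length);

	*krb5ticket = new5ticket;
	return 0;
	}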
1299c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1300c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/*	Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
**		and krb5 AP_REQ message & message length,
**	Return Kerberos session key and client principal
**		to SSL Server in KSSL_CTX *kssl_ctx.
**
**	19990702	VRS 	Started.
*/
1308c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.orgkrb5_error_code
1309c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.orgkssl_sget_tkt(	/* UPDATE */	KSSL_CTX		*kssl_ctx,
1310c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		/* IN     */	krb5_data		*indata,
1311c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		/* OUT    */	krb5_ticket_times	*ttimes,
1312c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		/* OUT    */	KSSL_ERR		*kssl_err  )
1313c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org        {
1314c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org        krb5_error_code			krb5rc = KRB5KRB_ERR_GENERIC;
1315c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org        static krb5_context		krb5context = NULL;
1316c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	static krb5_auth_context	krb5auth_context = NULL;
1317c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	krb5_ticket 			*krb5ticket = NULL;
1318c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	KRB5_TKTBODY 			*asn1ticket = NULL;
1319c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	const unsigned char		*p;
1320c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	krb5_keytab 			krb5keytab = NULL;
1321c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	krb5_keytab_entry		kt_entry;
1322c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	krb5_principal			krb5server;
1323c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org        krb5_rcache                     rcache = NULL;
1324c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1325c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	kssl_err_set(kssl_err, 0, "");
1326c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1327c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	if (!kssl_ctx)
1328c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                {
1329c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
1330c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			"No kssl_ctx defined.\n");
1331c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		goto err;
1332c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		}
1333c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1334c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org#ifdef KSSL_DEBUG
1335c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	printf("in kssl_sget_tkt(%s)\n", kstring(kssl_ctx->service_name));
1336c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org#endif	/* KSSL_DEBUG */
1337c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1338c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	if (!krb5context  &&  (krb5rc = krb5_init_context(&krb5context)))
1339c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                {
1340c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
1341c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                        "krb5_init_context() fails.\n");
1342c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		goto err;
1343c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		}
1344c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	if (krb5auth_context  &&
1345c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		(krb5rc = krb5_auth_con_free(krb5context, krb5auth_context)))
1346c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                {
1347c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
1348c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                        "krb5_auth_con_free() fails.\n");
1349c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		goto err;
1350c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		}
1351c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	else  krb5auth_context = NULL;
1352c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	if (!krb5auth_context  &&
1353c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		(krb5rc = krb5_auth_con_init(krb5context, &krb5auth_context)))
1354c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                {
1355c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
1356c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                        "krb5_auth_con_init() fails.\n");
1357c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		goto err;
1358c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		}
1359c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1360c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1361c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	if ((krb5rc = krb5_auth_con_getrcache(krb5context, krb5auth_context,
1362c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		&rcache)))
1363c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		{
1364c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org 		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
1365c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			"krb5_auth_con_getrcache() fails.\n");
1366c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org 		goto err;
1367c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		}
1368c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1369c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	if ((krb5rc = krb5_sname_to_principal(krb5context, NULL,
1370c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC,
1371c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                KRB5_NT_SRV_HST, &krb5server)) != 0)
1372c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                {
1373c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
1374c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                        "krb5_sname_to_principal() fails.\n");
1375c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		goto err;
1376c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		}
1377c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1378c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	if (rcache == NULL)
1379c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                {
1380c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                if ((krb5rc = krb5_get_server_rcache(krb5context,
1381c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			krb5_princ_component(krb5context, krb5server, 0),
1382c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			&rcache)))
1383c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                        {
1384c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
1385c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                                "krb5_get_server_rcache() fails.\n");
1386c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                  	goto err;
1387c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                        }
1388c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                }
1389c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1390c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org        if ((krb5rc = krb5_auth_con_setrcache(krb5context, krb5auth_context, rcache)))
1391c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                {
1392c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
1393c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			"krb5_auth_con_setrcache() fails.\n");
1394c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                goto err;
1395c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                }
1396c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1397c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1398c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	/*	kssl_ctx->keytab_file == NULL ==> use Kerberos default
1399c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	*/
1400c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	if (kssl_ctx->keytab_file)
1401c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		{
1402c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file,
1403c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                        &krb5keytab);
1404c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		if (krb5rc)
1405c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			{
1406c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
1407c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org				"krb5_kt_resolve() fails.\n");
1408c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			goto err;
1409c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			}
1410c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		}
1411c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	else
1412c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		{
1413c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                krb5rc = krb5_kt_default(krb5context,&krb5keytab);
1414c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                if (krb5rc)
1415c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			{
1416c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
1417c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org				"krb5_kt_default() fails.\n");
1418c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			goto err;
1419c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			}
1420c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		}
1421c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1422c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	/*	Actual Kerberos5 krb5_recvauth() has initial conversation here
1423c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	**	o	check KRB5_SENDAUTH_BADAUTHVERS
1424c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	**		unless KRB5_RECVAUTH_SKIP_VERSION
1425c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	**	o	check KRB5_SENDAUTH_BADAPPLVERS
1426c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	**	o	send "0" msg if all OK
1427c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	*/
1428c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1429c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	/*  20010411 was using AP_REQ instead of true KerberosWrapper
1430c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	**
1431c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	**  if ((krb5rc = krb5_rd_req(krb5context, &krb5auth_context,
1432c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	**			&krb5in_data, krb5server, krb5keytab,
1433c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	**			&ap_option, &krb5ticket)) != 0)  { Error }
1434c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	*/
1435c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1436c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	p = (unsigned char *)indata->data;
1437c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	if ((asn1ticket = (KRB5_TKTBODY *) d2i_KRB5_TICKET(NULL, &p,
1438c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org						(long) indata->length)) == NULL)
1439c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		{
1440c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
1441c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			"d2i_KRB5_TICKET() ASN.1 decode failure.\n");
1442c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
1443c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		goto err;
1444c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		}
1445c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1446c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	/* Was:  krb5rc = krb5_decode_ticket(krb5in_data,&krb5ticket)) != 0) */
1447c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	if ((krb5rc = kssl_TKT2tkt(krb5context, asn1ticket, &krb5ticket,
1448c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org					kssl_err)) != 0)
1449c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		{
1450c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
1451c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			"Error converting ASN.1 ticket to krb5_ticket.\n");
1452c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
1453c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		goto err;
1454c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		}
1455c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1456c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	if (! krb5_principal_compare(krb5context, krb5server,
1457c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org						  krb5ticket->server))  {
1458c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		krb5rc = KRB5_PRINC_NOMATCH;
1459c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
1460c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			"server principal != ticket principal\n");
1461c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
1462c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		goto err;
1463c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		}
1464c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	if ((krb5rc = krb5_kt_get_entry(krb5context, krb5keytab,
1465c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			krb5ticket->server, krb5ticket->enc_part.kvno,
1466c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			krb5ticket->enc_part.enctype, &kt_entry)) != 0)  {
1467c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
1468c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			"krb5_kt_get_entry() fails with %x.\n", krb5rc);
1469c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
1470c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		goto err;
1471c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		}
1472c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	if ((krb5rc = krb5_decrypt_tkt_part(krb5context, &kt_entry.key,
1473c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			krb5ticket)) != 0)  {
1474c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
1475c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			"krb5_decrypt_tkt_part() failed.\n");
1476c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
1477c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		goto err;
1478c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		}
1479c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	else  {
1480c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		krb5_kt_free_entry(krb5context, &kt_entry);
1481c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org#ifdef KSSL_DEBUG
1482c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		{
1483c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		int i; krb5_address **paddr = krb5ticket->enc_part2->caddrs;
1484c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		printf("Decrypted ticket fields:\n");
1485c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		printf("\tflags: %X, transit-type: %X",
1486c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			krb5ticket->enc_part2->flags,
1487c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			krb5ticket->enc_part2->transited.tr_type);
1488c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		print_krb5_data("\ttransit-data: ",
1489c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			&(krb5ticket->enc_part2->transited.tr_contents));
1490c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		printf("\tcaddrs: %p, authdata: %p\n",
1491c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			krb5ticket->enc_part2->caddrs,
1492c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			krb5ticket->enc_part2->authorization_data);
1493c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		if (paddr)
1494c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			{
1495c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			printf("\tcaddrs:\n");
1496c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			for (i=0; paddr[i] != NULL; i++)
1497c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org				{
1498c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org				krb5_data d;
1499c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org				d.length=paddr[i]->length;
1500c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org				d.data=paddr[i]->contents;
1501c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org				print_krb5_data("\t\tIP: ", &d);
1502c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org				}
1503c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			}
1504c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		printf("\tstart/auth/end times: %d / %d / %d\n",
1505c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			krb5ticket->enc_part2->times.starttime,
1506c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			krb5ticket->enc_part2->times.authtime,
1507c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org			krb5ticket->enc_part2->times.endtime);
1508c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		}
1509c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org#endif	/* KSSL_DEBUG */
1510c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		}
1511c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1512c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	krb5rc = KRB5_NO_TKT_SUPPLIED;
1513c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	if (!krb5ticket  ||	!krb5ticket->enc_part2  ||
1514c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                !krb5ticket->enc_part2->client  ||
1515c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                !krb5ticket->enc_part2->client->data  ||
1516c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                !krb5ticket->enc_part2->session)
1517c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                {
1518c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
1519c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                        "bad ticket from krb5_rd_req.\n");
1520c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		}
1521c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT,
1522c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		 &krb5ticket->enc_part2->client->realm,
1523c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		 krb5ticket->enc_part2->client->data,
1524c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		 krb5ticket->enc_part2->client->length))
1525c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                {
1526c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
1527c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                        "kssl_ctx_setprinc() fails.\n");
1528c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		}
1529c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	else if (kssl_ctx_setkey(kssl_ctx, krb5ticket->enc_part2->session))
1530c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                {
1531c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
1532c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                        "kssl_ctx_setkey() fails.\n");
1533c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		}
1534c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	else if (krb5ticket->enc_part2->flags & TKT_FLG_INVALID)
1535c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                {
1536c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		krb5rc = KRB5KRB_AP_ERR_TKT_INVALID;
1537c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
1538c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org                        "invalid ticket from krb5_rd_req.\n");
1539c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org		}
1540c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	else	krb5rc = 0;
1541c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1542c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	kssl_ctx->enctype	= krb5ticket->enc_part.enctype;
1543c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	ttimes->authtime	= krb5ticket->enc_part2->times.authtime;
1544c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	ttimes->starttime	= krb5ticket->enc_part2->times.starttime;
1545c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	ttimes->endtime 	= krb5ticket->enc_part2->times.endtime;
1546c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	ttimes->renew_till	= krb5ticket->enc_part2->times.renew_till;
1547c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1548c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org err:
1549c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org#ifdef KSSL_DEBUG
1550c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	kssl_ctx_show(kssl_ctx);
1551c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org#endif	/* KSSL_DEBUG */
1552c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1553c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	if (asn1ticket) 	KRB5_TICKET_free((KRB5_TICKET *) asn1ticket);
1554c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org        if (krb5keytab)         krb5_kt_close(krb5context, krb5keytab);
1555c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	if (krb5ticket) 	krb5_free_ticket(krb5context, krb5ticket);
1556c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	if (krb5server) 	krb5_free_principal(krb5context, krb5server);
1557c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org	return (krb5rc);
1558c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org        }
1559c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1560c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/*	Create a new kssl_ctx struct.
**	The struct is obtained from kssl_calloc(1, sizeof(KSSL_CTX)) and the
**	result of that call is handed back unchanged, so the caller has to
**	check for NULL before using it.
*/
KSSL_CTX	*
kssl_ctx_new(void)
	{
	KSSL_CTX *fresh_ctx = (KSSL_CTX *) kssl_calloc(1, sizeof(*fresh_ctx));

	return fresh_ctx;
	}
1568c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1569c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/*	Release a kssl_ctx struct together with every buffer it holds.
**	The session key bytes are wiped with OPENSSL_cleanse() before the
**	key buffer is freed.  A NULL kssl_ctx is accepted and ignored.
**	Always returns NULL.
*/
KSSL_CTX	*
kssl_ctx_free(KSSL_CTX *kssl_ctx)
	{
	if (kssl_ctx != NULL)
		{
		if (kssl_ctx->key)
			{
			/* wipe the key material before the memory is handed back */
			OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length);
			kssl_free(kssl_ctx->key);
			}
		if (kssl_ctx->client_princ)
			kssl_free(kssl_ctx->client_princ);
		if (kssl_ctx->service_host)
			kssl_free(kssl_ctx->service_host);
		if (kssl_ctx->service_name)
			kssl_free(kssl_ctx->service_name);
		if (kssl_ctx->keytab_file)
			kssl_free(kssl_ctx->keytab_file);

		kssl_free(kssl_ctx);
		}

	return (KSSL_CTX *) NULL;
	}
1589c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1590c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
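/*	Given an array of (krb5_data *) entity (and optional realm),
**	set the plain (char *) client_princ or service_host member
**	of the kssl_ctx struct to "comp1/comp2/...[@realm]".
**
**	which      KSSL_CLIENT selects client_princ, KSSL_SERVER selects
**	           service_host; any other value is rejected.
**	realm      optional; when non-NULL, "@" and the realm are appended.
**	entity     array of nentities name components.
**	nentities  number of components; must not be negative.
**
**	Returns KSSL_CTX_OK on success.  Returns KSSL_CTX_ERR for a NULL
**	kssl_ctx or entity or an unknown which (member untouched), and for
**	a negative nentities, a total length that does not fit in an int,
**	or an allocation failure (old value freed, member left NULL).
**
**	Fixes over the previous version: with nentities == 0 and a realm
**	the buffer was sized one byte too small for "@realm" plus the NUL,
**	and the component lengths were summed in an int with no overflow
**	check.
*/
krb5_error_code
kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
        krb5_data *realm, krb5_data *entity, int nentities)
	{
	/* largest positive int, spelled without needing <limits.h> */
	const size_t	max_length = (size_t)(~0U >> 1);
	char	**princ;
	size_t	length;
	int i;

	if (kssl_ctx == NULL  ||  entity == NULL)  return KSSL_CTX_ERR;

	switch (which)
		{
	case KSSL_CLIENT:	princ = &kssl_ctx->client_princ;	break;
	case KSSL_SERVER:	princ = &kssl_ctx->service_host;	break;
	default:		return KSSL_CTX_ERR;
		}

	/* Drop the old value and clear the member first, so that no error
	** return below can leave a pointer to freed memory in the context.
	*/
	if (*princ)  kssl_free(*princ);
	*princ = NULL;

	if (nentities < 0)  return KSSL_CTX_ERR;

	/* Start with the terminating NUL, then add every component.  At
	** least one caller passes components taken from a decrypted ticket,
	** so the running sum is checked instead of being trusted.
	*/
	length = 1;
	for (i = 0; i < nentities; i++)
		{
		if (entity[i].length > max_length - length)
			return KSSL_CTX_ERR;
		length += entity[i].length;
		}
	/* One '/' between components; none are needed for 0 or 1 */
	if (nentities > 1)
		{
		if ((size_t)(nentities - 1) > max_length - length)
			return KSSL_CTX_ERR;
		length += (size_t)(nentities - 1);
		}
	/* '@' + realm */
	if (realm)
		{
		if (realm->length >= max_length - length)
			return KSSL_CTX_ERR;
		length += (size_t)realm->length + 1;
		}

	if ((*princ = kssl_calloc(1, length)) == NULL)
		return KSSL_CTX_ERR;

	/* The strncat()/strcat() calls below append to an initially empty
	** string; as before this relies on kssl_calloc() zeroing the buffer.
	** NOTE(review): strncat() stops at a NUL byte inside a component,
	** so the stored string can be shorter than the lengths suggest -
	** confirm whether components with embedded NULs should be rejected.
	*/
	for (i = 0; i < nentities; i++)
		{
		/* skip empty components so a NULL data pointer is never read */
		if (entity[i].length)
			strncat(*princ, entity[i].data, entity[i].length);
		if (i < nentities-1)
			strcat(*princ, "/");
		}
	if (realm)
		{
		strcat(*princ, "@");
		if (realm->length)
			(void) strncat(*princ, realm->data, realm->length);
		}

	return KSSL_CTX_OK;
	}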
1645c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1646c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
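/*	Set one of the plain (char *) string members of the kssl_ctx struct.
**	Default values should be:
**		which == KSSL_SERVICE	=>	"khost" (KRB5SVC)
**		which == KSSL_KEYTAB	=>	"/etc/krb5.keytab" (KRB5KEYTAB)
**
**	which  KSSL_SERVICE, KSSL_SERVER, KSSL_CLIENT or KSSL_KEYTAB selects
**	       service_name, service_host, client_princ or keytab_file.
**	text   string to copy into the member; NULL clears the member.
**
**	Returns KSSL_CTX_OK on success.  Returns KSSL_CTX_ERR for a NULL
**	kssl_ctx or an unknown which (member untouched), and on allocation
**	failure (old value freed, member left NULL).
**
**	The copy is made before the old value is released, so passing the
**	member's current string as text no longer reads freed memory.
*/
krb5_error_code
kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text)
	{
	char	**string;
	char	*copy = NULL;

	if (!kssl_ctx)  return KSSL_CTX_ERR;

	switch (which)
		{
	case KSSL_SERVICE:	string = &kssl_ctx->service_name;	break;
	case KSSL_SERVER:	string = &kssl_ctx->service_host;	break;
	case KSSL_CLIENT:	string = &kssl_ctx->client_princ;	break;
	case KSSL_KEYTAB:	string = &kssl_ctx->keytab_file;	break;
	default:		return KSSL_CTX_ERR;
		}

	/* Duplicate text while the old value is still alive: text may be
	** the very string that is about to be replaced.
	*/
	if (text)
		{
		size_t size = strlen(text) + 1;

		if ((copy = kssl_calloc(1, size)) != NULL)
			memcpy(copy, text, size);
		}

	if (*string)  kssl_free(*string);
	/* NULL when text was NULL or the allocation failed */
	*string = copy;

	if (text  &&  !copy)  return KSSL_CTX_ERR;

	return KSSL_CTX_OK;
	}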
1682c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1683c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
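/*	Copy the Kerberos session key from a (krb5_keyblock *) to a kssl_ctx
**	struct.  Clear kssl_ctx->key if Kerberos session key is NULL.
**
**	Any key already stored is wiped with OPENSSL_cleanse() and freed
**	first.  With a NULL session the context ends up with key == NULL,
**	enctype == ENCTYPE_UNKNOWN and length == 0.
**
**	Returns KSSL_CTX_OK on success.  Returns KSSL_CTX_ERR for a NULL
**	kssl_ctx, for a key block with a negative length or with a NULL
**	contents pointer and non-zero length, and on allocation failure;
**	in the last three cases key is NULL and length is 0.
**
**	Fix over the previous version: kssl_ctx->key is reset to NULL after
**	it is freed.  Before, the NULL-session path returned with key still
**	pointing at the freed buffer, which the next kssl_ctx_setkey() or
**	kssl_ctx_free() call would free a second time.
*/
krb5_error_code
kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session)
	{
	int 		length;
	krb5_enctype	enctype;
	krb5_octet FAR	*contents = NULL;

	if (!kssl_ctx)  return KSSL_CTX_ERR;

	if (kssl_ctx->key)
		{
		OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length);
		kssl_free(kssl_ctx->key);
		/* the freed buffer must not stay reachable from the context */
		kssl_ctx->key = NULL;
		}

	if (!session)
		{
		kssl_ctx->enctype = ENCTYPE_UNKNOWN;
		kssl_ctx->length  = 0;
		return KSSL_CTX_OK;
		}

#ifdef KRB5_HEIMDAL
	length = session->keyvalue->length;
	enctype = session->keytype;
	contents = session->keyvalue->contents;
#else
	length = session->length;
	enctype = session->enctype;
	contents = session->contents;
#endif
	kssl_ctx->enctype = enctype;

	/* Refuse a key block that memcpy() below could not copy safely */
	if (length < 0  ||  (length > 0  &&  contents == NULL))
		{
		kssl_ctx->length  = 0;
		return KSSL_CTX_ERR;
		}
	kssl_ctx->length  = length;

	if ((kssl_ctx->key =
                (krb5_octet FAR *) kssl_calloc(1, kssl_ctx->length)) == NULL)
		{
		kssl_ctx->length  = 0;
		return KSSL_CTX_ERR;
		}

	memcpy(kssl_ctx->key, contents, length);

	return KSSL_CTX_OK;
	}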
1735c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1736c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/*	Dump a kssl_ctx struct to stdout: its address, then the service,
**	client, server and keytab strings ("NULL" when unset), then the
**	key's enctype and length followed by the key bytes in hex.
**	A NULL kssl_ctx prints "kssl_ctx: NULL".
**	NOTE(review): this writes the raw session key to stdout.  The only
**	call visible in this part of the file sits under KSSL_DEBUG; the
**	output should be treated as secret material.
*/
void
kssl_ctx_show(KSSL_CTX *kssl_ctx)
	{
	int 	idx;

	printf("kssl_ctx: ");
	if (kssl_ctx == NULL)
		{
		printf("NULL\n");
		return;
		}
	printf("%p\n", (void *)kssl_ctx);

	/* each string member falls back to the literal "NULL" when unset */
	printf("\tservice:\t%s\n",
		kssl_ctx->service_name ? kssl_ctx->service_name : "NULL");
	printf("\tclient:\t%s\n",
		kssl_ctx->client_princ ? kssl_ctx->client_princ : "NULL");
	printf("\tserver:\t%s\n",
		kssl_ctx->service_host ? kssl_ctx->service_host : "NULL");
	printf("\tkeytab:\t%s\n",
		kssl_ctx->keytab_file ? kssl_ctx->keytab_file : "NULL");
	printf("\tkey [%d:%d]:\t",
		kssl_ctx->enctype, kssl_ctx->length);

	/* hex dump of the key; nothing is printed when no key is stored */
	if (kssl_ctx->key)
		{
		for (idx = 0; idx < kssl_ctx->length; idx++)
			printf("%02x", kssl_ctx->key[idx]);
		}
	printf("\n");
	}
1771c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
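/*  Report whether a Kerberos keytab can be opened and queried for the
**  service principal.  The keytab is kssl_ctx->keytab_file when that is
**  set, otherwise the Kerberos default; the service is
**  kssl_ctx->service_name when set, otherwise KRB5SVC.
**  Returns 1 when krb5_kt_get_entry() succeeds or fails only with
**  KRB5_KT_NOTFOUND; returns 0 for a NULL kssl_ctx or any other
**  Kerberos error.
*/
int
kssl_keytab_is_available(KSSL_CTX *kssl_ctx)
{
    krb5_context        krb5context = NULL;
    krb5_keytab         krb5keytab = NULL;
    krb5_keytab_entry   entry;
    krb5_principal      princ = NULL;
    krb5_error_code     krb5rc = KRB5KRB_ERR_GENERIC;
    int rc = 0;

    /* Same guard as kssl_tgt_is_available(): without it the
    ** kssl_ctx->keytab_file test below dereferences a NULL pointer.
    ** Checked before krb5_init_context() so nothing needs releasing.
    */
    if (!kssl_ctx)
        return(0);

    if ((krb5rc = krb5_init_context(&krb5context)))
        return(0);

    /*	kssl_ctx->keytab_file == NULL ==> use Kerberos default
    */
    if (kssl_ctx->keytab_file)
        krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file,
                                  &krb5keytab);
    else
        krb5rc = krb5_kt_default(krb5context, &krb5keytab);
    if (krb5rc)
        goto exit;

    /* the host key we are looking for */
    krb5rc = krb5_sname_to_principal(krb5context, NULL,
                                     kssl_ctx->service_name ? kssl_ctx->service_name: KRB5SVC,
                                     KRB5_NT_SRV_HST, &princ);
    if (krb5rc)
        goto exit;

    krb5rc = krb5_kt_get_entry(krb5context, krb5keytab,
                                princ,
                                0 /* IGNORE_VNO */,
                                0 /* IGNORE_ENCTYPE */,
                                &entry);
    if (krb5rc == KRB5_KT_NOTFOUND)
    {
        /* NOTE(review): a keytab that opens but holds no entry for the
        ** principal is still reported as available; confirm that callers
        ** expect this before relying on the result as proof that a usable
        ** key exists.  No entry was returned, so there is nothing to free.
        */
        rc = 1;
        goto exit;
    }
    else if (krb5rc)
        goto exit;

    /* Only the existence of the entry matters; release it straight away. */
    krb5_kt_free_entry(krb5context, &entry);
    rc = 1;

  exit:
    if (krb5keytab)     krb5_kt_close(krb5context, krb5keytab);
    if (princ)          krb5_free_principal(krb5context, princ);
    if (krb5context)    krb5_free_context(krb5context);
    return(rc);
}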
1829c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/*  Check whether the default credential cache can produce credentials
**  for the service named in kssl_ctx (service_host plus service_name,
**  or KRB5SVC when service_name is unset).
**  Returns 1 if krb5_get_credentials() succeeds, 0 on any Kerberos error,
**  on a NULL kssl_ctx, or when kssl_ctx->service_host is unset.
**
**  NOTE(review): neither the credential cache handle from krb5_cc_default()
**  nor the credentials returned by krb5_get_credentials() are released in
**  this function; confirm whether that is intended.
*/
int
kssl_tgt_is_available(KSSL_CTX *kssl_ctx)
	{
	krb5_context	ctx = NULL;
	krb5_ccache	ccache = NULL;
	krb5_creds	wanted, *obtained = NULL;
	krb5_error_code	status = KRB5KRB_ERR_GENERIC;
	int		available = 0;

	/* Nothing has been allocated yet, so these can return directly. */
	if (kssl_ctx == NULL  ||  kssl_ctx->service_host == NULL)
		return(0);

	/* Zeroed so the cleanup code can tell which principals were filled in. */
	memset((char *)&wanted, 0, sizeof(wanted));

	status = krb5_init_context(&ctx);
	if (status != 0)
		goto err;

	status = krb5_sname_to_principal(ctx,
			kssl_ctx->service_host,
			(kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC,
			KRB5_NT_SRV_HST, &wanted.server);
	if (status != 0)
		goto err;

	status = krb5_cc_default(ctx, &ccache);
	if (status != 0)
		goto err;

	status = krb5_cc_get_principal(ctx, ccache, &wanted.client);
	if (status != 0)
		goto err;

	status = krb5_get_credentials(ctx, 0, ccache, &wanted, &obtained);
	if (status != 0)
		goto err;

	available = 1;

 err:
#ifdef KSSL_DEBUG
	kssl_ctx_show(kssl_ctx);
#endif	/* KSSL_DEBUG */

	if (wanted.client)	krb5_free_principal(ctx, wanted.client);
	if (wanted.server)	krb5_free_principal(ctx, wanted.server);
	if (ctx)		krb5_free_context(ctx);
	return(available);
	}
1879c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
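#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_WIN32)
/*  Release the buffer held in *data using whichever call the Kerberos
**  flavour selected at build time provides.  The krb5_data struct itself
**  is not freed.  The context argument is not used by any branch (the
**  default branch passes NULL to krb5_free_data_contents()).
*/
void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)
	{
	if (data == NULL)  return;

#ifdef KRB5_HEIMDAL
	data->length = 0;
	free(data->data);	/* free(NULL) is a no-op */
	/* Clear the pointer so a second call, or a later read of *data,
	** cannot reach the freed buffer.
	*/
	data->data = NULL;
#elif defined(KRB5_MIT_OLD11)
	if (data->data)  {
		krb5_xfree(data->data);
		data->data = 0;
		}
#else
	krb5_free_data_contents(NULL, data);
#endif
	}
#endif /* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */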
1897c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1898c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
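/*  Convert one fixed-width decimal field to int with atoi() semantics.
**  The field is copied into a local NUL-terminated buffer so the source
**  bytes are neither modified nor read beyond `width`.
*/
static int k_gmtime_field(const unsigned char *field, size_t width)
	{
	char	buf[5];		/* widest field is the 4-digit year, plus NUL */

	if (width >= sizeof buf)  width = sizeof buf - 1;
	memcpy(buf, field, width);
	buf[width] = '\0';
	return atoi(buf);
	}

/*  Given pointers to KerberosTime and struct tm structs, convert the
**  KerberosTime string to struct tm.  Note that KerberosTime is a
**  ASN1_GENERALIZEDTIME value, constrained to GMT with no fractional
**  seconds as defined in RFC 1510.
**  Only the first 14 bytes (YYYYMMDDhhmmss) are read.  tm_year, tm_mon,
**  tm_mday, tm_hour, tm_min and tm_sec are set; the other members of
**  *k_tm are left as the caller supplied them.
**  Return pointer to the (partially) filled in struct tm on success,
**  return NULL on failure (NULL argument, NULL data, or length < 14).
**
**  The earlier form of this routine parsed in place by temporarily
**  writing '\0' into gtime->data, starting at data[14].  With
**  length == 14 that byte lies outside the declared length, so the
**  fields are now copied out instead and the input is left untouched.
**
**  NOTE(review): fields are not checked to be digits or to be in range;
**  each value is whatever atoi() yields for those bytes.
*/
static struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
	{
	const unsigned char	*d;

	if (!k_tm)  return NULL;
	if (gtime == NULL  ||  gtime->length < 14)  return NULL;
	if (gtime->data == NULL)  return NULL;

	d = (const unsigned char *)gtime->data;

	k_tm->tm_sec  = k_gmtime_field(d + 12, 2);
	k_tm->tm_min  = k_gmtime_field(d + 10, 2);
	k_tm->tm_hour = k_gmtime_field(d +  8, 2);
	k_tm->tm_mday = k_gmtime_field(d +  6, 2);
	k_tm->tm_mon  = k_gmtime_field(d +  4, 2) - 1;		/* struct tm months are 0-based */
	k_tm->tm_year = k_gmtime_field(d +  0, 4) - 1900;	/* struct tm years count from 1900 */

	return k_tm;
	}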
1925c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1926c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/*  Helper function for kssl_validate_times().
**  We need context->clockskew, but krb5_context is an opaque struct.
**  So we try to sneak the clockskew out through the replay cache:
**  the value returned is the lifespan reported by the default replay
**  cache.  If any step fails just return a likely default
**  (KSSL_CLOCKSKEW).
**
**  NOTE(review): when krb5_rc_initialize() fails the function returns
**  without calling krb5_rc_destroy() on the handle obtained from
**  krb5_rc_default(); confirm whether that handle needs releasing.
*/
static krb5_deltat get_rc_clockskew(krb5_context context)
	{
	krb5_rcache 	replay_cache;
	krb5_deltat 	lifespan;

	/* || short-circuits, so initialize is only tried on a valid handle. */
	if (krb5_rc_default(context, &replay_cache) != 0  ||
	    krb5_rc_initialize(context, replay_cache, 0) != 0)
		return KSSL_CLOCKSKEW;

	if (krb5_rc_get_lifespan(context, replay_cache, &lifespan) != 0)
		lifespan = KSSL_CLOCKSKEW;

	/* The cache was only needed for the query; a failure here is ignored. */
	(void) krb5_rc_destroy(context, replay_cache);
	return lifespan;
	}
1945c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1946c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
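/*  kssl_validate_times() combines (and more importantly exposes)
**  the MIT KRB5 internal function krb5_validate_times() and the
**  in_clock_skew() macro.  The authenticator client time is checked
**  to be within clockskew secs of the current time and the current
**  time is checked to be within the ticket start and expire times.
**  Either check may be omitted by supplying a NULL value: atime == 0
**  skips the authenticator check, ttimes == NULL skips the ticket check.
**  Callers that require the authenticator time to be enforced must
**  therefore treat an unavailable time as a failure themselves.
**  Returns 0 for valid times, SSL_R_KRB5* error codes otherwise
**  (SSL_R_KRB5_S_BAD_TICKET also covers failure to create a Kerberos
**  context or to read the current time).
**  See Also: (Kerberos source)/krb5/lib/krb5/krb/valid_times.c
**  20010420 VRS
*/
krb5_error_code  kssl_validate_times(	krb5_timestamp atime,
					krb5_ticket_times *ttimes)
	{
	krb5_deltat 	skew;
	krb5_timestamp	start, now;
	krb5_error_code	rc;
	krb5_context	context;

	if ((rc = krb5_init_context(&context)))	 return SSL_R_KRB5_S_BAD_TICKET;
	skew = get_rc_clockskew(context);
	rc = krb5_timeofday(context,&now);
	/* The context is only needed for the two calls above.  Free it
	** before looking at rc so the failure path does not leak it.
	*/
	krb5_free_context(context);
	if (rc)  return SSL_R_KRB5_S_BAD_TICKET;

	if (atime  &&  labs(atime - now) >= skew)  return SSL_R_KRB5_S_TKT_SKEW;

	if (! ttimes)  return 0;

	/* A ticket without an explicit start time is valid from authtime. */
	start = (ttimes->starttime != 0)? ttimes->starttime: ttimes->authtime;
	if (start - now > skew)  return SSL_R_KRB5_S_TKT_NYV;
	if ((now - ttimes->endtime) > skew)  return SSL_R_KRB5_S_TKT_EXPIRED;

#ifdef KSSL_DEBUG
	printf("kssl_validate_times: %d |<-  | %d - %d | < %d  ->| %d\n",
		start, atime, now, skew, ttimes->endtime);
#endif	/* KSSL_DEBUG */

	return 0;
	}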
1985c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
1986c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
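/*  Decode and decrypt given DER-encoded authenticator, then pass
**  authenticator ctime back in *atimep (or 0 if time unavailable).
**  Returns krb5_error_code and kssl_err on error.  A NULL
**  authenticator (authentp->length == 0) is not considered an error.
**  Note that kssl_check_authent() makes use of the KRB5 session key;
**  you must call kssl_sget_tkt() to get the key before calling this routine.
**
**  Cases in which the function returns 0 with *atimep left at 0, i.e.
**  without having examined the authenticator:
**    - KRB5CHECKAUTH is undefined or defined as 0 (authentp is forced
**      to NULL below);
**    - the enctype is one of the DES3 types listed in the switch;
**    - kssl_map_enc() has no cipher for the enctype;
**    - the client time cannot be converted.
**  A caller that needs the authenticator time enforced has to treat
**  *atimep == 0 as "not checked".
**
**  The decrypted bytes come from the peer, so the ciphertext length is
**  checked against the output buffer before decrypting, and the length
**  remaining after the confounder is checked before it is handed to the
**  ASN.1 decoder.
*/
krb5_error_code  kssl_check_authent(
			/* IN     */	KSSL_CTX	*kssl_ctx,
			/* IN     */	krb5_data	*authentp,
			/* OUT    */	krb5_timestamp	*atimep,
			/* OUT    */	KSSL_ERR	*kssl_err  )
	{
	krb5_error_code		krb5rc = 0;
	KRB5_ENCDATA		*dec_authent = NULL;
	KRB5_AUTHENTBODY	*auth = NULL;
	krb5_enctype		enctype;
	EVP_CIPHER_CTX		ciph_ctx;
	const EVP_CIPHER	*enc = NULL;
	unsigned char		iv[EVP_MAX_IV_LENGTH];
	const unsigned char	*p;
	unsigned char		*unenc_authent;
	int 			outl, unencbufsize;
	struct tm		tm_time, *tm_l, *tm_g;
	time_t			now, tl, tg, tr, tz_offset;

	EVP_CIPHER_CTX_init(&ciph_ctx);
	*atimep = 0;
	kssl_err_set(kssl_err, 0, "");

#ifndef KRB5CHECKAUTH
	authentp = NULL;
#else
#if	KRB5CHECKAUTH == 0
	authentp = NULL;
#endif
#endif	/* KRB5CHECKAUTH */

	if (authentp == NULL  ||  authentp->length == 0)  return 0;

#ifdef KSSL_DEBUG
	{
	unsigned int ui;
	printf("kssl_check_authent: authenticator[%d]:\n",authentp->length);
	p = authentp->data;
	for (ui=0; ui < authentp->length; ui++)  printf("%02x ",p[ui]);
	printf("\n");
	}
#endif	/* KSSL_DEBUG */

	/* Output buffer for the decrypted authenticator.  The size is
	** derived from the outer encoding, not from the ciphertext length
	** used for the decrypt call below.
	*/
	unencbufsize = 2 * authentp->length;
	if ((unenc_authent = calloc(1, unencbufsize)) == NULL)
		{
		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
			"Unable to allocate authenticator buffer.\n");
		krb5rc = KRB5KRB_ERR_GENERIC;
		goto err;
		}

	p = (unsigned char *)authentp->data;
	if ((dec_authent = d2i_KRB5_ENCDATA(NULL, &p,
					(long) authentp->length)) == NULL)
		{
		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
			"Error decoding authenticator.\n");
		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
		goto err;
		}

	/* Only the first content byte of the decoded etype is used.
	** NOTE(review): assumes the enctype fits in one byte - confirm.
	*/
	enctype = dec_authent->etype->data[0];	/* should = kssl_ctx->enctype */
#if !defined(KRB5_MIT_OLD11)
	switch ( enctype ) {
	case ENCTYPE_DES3_CBC_SHA1:		/*    EVP_des_ede3_cbc();  */
	case ENCTYPE_DES3_CBC_SHA:
	case ENCTYPE_DES3_CBC_RAW:
		krb5rc = 0;			/* Skip, can't handle derived keys */
		goto err;
	}
#endif
	enc = kssl_map_enc(enctype);
	memset(iv, 0, sizeof iv);       /* per RFC 1510 */

	if (enc == NULL)
		{
		/*  Disable kssl_check_authent for ENCTYPE_DES3_CBC_SHA1.
		**  This enctype indicates the authenticator was encrypted
		**  using key-usage derived keys which openssl cannot decrypt.
		**  krb5rc is still 0 here, so the caller sees success.
		*/
		goto err;
		}

	if (!EVP_CipherInit(&ciph_ctx,enc,kssl_ctx->key,iv,0))
		{
		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
			"EVP_CipherInit error decrypting authenticator.\n");
		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
		goto err;
		}
	outl = dec_authent->cipher->length;
	/* EVP_Cipher() writes outl bytes into unenc_authent; refuse any
	** ciphertext length that would not fit in the buffer allocated above.
	*/
	if (outl < 0  ||  outl > unencbufsize)
		{
		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
			"Authenticator ciphertext length out of range.\n");
		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
		goto err;
		}
	if (!EVP_Cipher(&ciph_ctx,unenc_authent,dec_authent->cipher->data,outl))
		{
		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
			"EVP_Cipher error decrypting authenticator.\n");
		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
		goto err;
		}
	EVP_CIPHER_CTX_cleanup(&ciph_ctx);

#ifdef KSSL_DEBUG
	{
	int padl;
	printf("kssl_check_authent: decrypted authenticator[%d] =\n", outl);
	for (padl=0; padl < outl; padl++) printf("%02x ",unenc_authent[padl]);
	printf("\n");
	}
#endif	/* KSSL_DEBUG */

	if ((p = kssl_skip_confound(enctype, unenc_authent)) == NULL)
		{
		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
			"confounded by authenticator.\n");
		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
		goto err;
		}
	outl -= p - unenc_authent;
	/* If the decrypted data is no longer than the prefix that was
	** skipped, nothing is left to decode; do not pass a zero or
	** negative length to the ASN.1 decoder.
	*/
	if (outl <= 0)
		{
		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
			"Authenticator body is empty.\n");
		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
		goto err;
		}

	if ((auth = (KRB5_AUTHENTBODY *) d2i_KRB5_AUTHENT(NULL, &p,
							  (long) outl))==NULL)
		{
		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
			"Error decoding authenticator body.\n");
		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
		goto err;
		}

	/* tm_time holds the client time as broken-down GMT, but mktime()
	** is applied to it directly.  The difference between mktime() of
	** gmtime(now) and mktime() of localtime(now) is subtracted from the
	** result to compensate.
	*/
	memset(&tm_time,0,sizeof(struct tm));
	if (k_gmtime(auth->ctime, &tm_time)  &&
		((tr = mktime(&tm_time)) != (time_t)(-1)))
		{
		now  = time(&now);
		tm_l = localtime(&now); 	tl = mktime(tm_l);
		tm_g = gmtime(&now);		tg = mktime(tm_g);
		tz_offset = tg - tl;

		*atimep = (krb5_timestamp)(tr - tz_offset);
		}

#ifdef KSSL_DEBUG
	printf("kssl_check_authent: returns %d for client time ", *atimep);
	if (auth && auth->ctime && auth->ctime->length && auth->ctime->data)
		printf("%.*s\n", auth->ctime->length, auth->ctime->data);
	else	printf("NULL\n");
#endif	/* KSSL_DEBUG */

 err:
	if (auth)		KRB5_AUTHENT_free((KRB5_AUTHENT *) auth);
	if (dec_authent)	KRB5_ENCDATA_free(dec_authent);
	if (unenc_authent)	free(unenc_authent);
	EVP_CIPHER_CTX_cleanup(&ciph_ctx);
	return krb5rc;
	}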
2148c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
2149c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
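/*  Replaces krb5_build_principal_ext(), with varargs length == 2 (svc, host),
**  because I don't know how to stub varargs.
**
**  rlen, slen and hlen are the number of bytes copied from realm, svc and
**  host.  Each copy lives in a zeroed buffer one byte longer than the data,
**  so the stored strings are NUL terminated.
**
**  Returns 0 and passes back the newly constructed principal in *princ,
**  which should be freed by caller.  Returns EINVAL if any length is
**  negative and ENOMEM on alloc error; *princ is not written on failure.
*/
krb5_error_code  kssl_build_principal_2(
			/* UPDATE */	krb5_context	context,
			/* OUT    */	krb5_principal	*princ,
			/* IN     */	int rlen,  const char *realm,
			/* IN	  */	int slen,  const char *svc,
			/* IN	  */	int hlen,  const char *host)
	{
	krb5_data		*p_data = NULL;
	krb5_principal		new_p = NULL;
	char			*new_r = NULL;

	/* The lengths are caller-supplied ints.  A negative value would be
	** converted to a huge size_t by calloc()/memcpy(), so reject it
	** before any allocation happens. */
	if (rlen < 0  ||  slen < 0  ||  hlen < 0)  return EINVAL;

	if ((p_data = (krb5_data *) calloc(2, sizeof(krb5_data))) == NULL  ||
	    (new_p = (krb5_principal) calloc(1, sizeof(krb5_principal_data)))
			== NULL)  goto err;
	new_p->length = 2;
	new_p->data = p_data;

	/* Size arithmetic is done in size_t so that len + 1 cannot overflow
	** a signed int.  The copies are skipped for empty components so a
	** NULL source pointer with length 0 is never handed to memcpy(). */
	if ((new_r = calloc(1, (size_t) rlen + 1)) == NULL)  goto err;
	if (rlen > 0)  memcpy(new_r, realm, (size_t) rlen);
	krb5_princ_set_realm_length(context, new_p, rlen);
	krb5_princ_set_realm_data(context, new_p, new_r);

	if ((p_data[0].data = calloc(1, (size_t) slen + 1)) == NULL)  goto err;
	if (slen > 0)  memcpy(p_data[0].data, svc, (size_t) slen);
	p_data[0].length = slen;

	if ((p_data[1].data = calloc(1, (size_t) hlen + 1)) == NULL)  goto err;
	if (hlen > 0)  memcpy(p_data[1].data, host, (size_t) hlen);
	p_data[1].length = hlen;

	krb5_princ_type(context, new_p) = KRB5_NT_UNKNOWN;
	*princ = new_p;
	return 0;

 err:
	/* Release through p_data, not through new_p: new_p points at a single
	** krb5_principal_data, so indexing it as new_p[1] would read past
	** the allocation, and p_data may exist even when new_p does not.
	** The component strings go first, then the array that holds them. */
	if (p_data)
		{
		free(p_data[0].data);
		free(p_data[1].data);
		free(p_data);
		}
	/* new_p is freed shallowly, so the realm buffer is released once,
	** through new_r. */
	free(new_p);
	free(new_r);
	return ENOMEM;
	}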
2196c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
/*  Attach a Kerberos context to an SSL object.
**  The pointer is stored as-is, no copy is made.  Whatever s->kssl_ctx held
**  before is overwritten without being freed here, so releasing a previously
**  attached context is left to the caller.  s is dereferenced unchecked.
*/
void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx)
	{
	s->kssl_ctx = kctx;
	}
22012c4508dfe2bc5b6296c01114ed11ddc64b7718c6digit@chromium.org
/*  Return the Kerberos context currently attached to an SSL object.
**  The stored pointer itself is returned, not a copy, so the result stays
**  tied to whatever s->kssl_ctx points at.  s is dereferenced unchecked.
*/
KSSL_CTX *SSL_get0_kssl_ctx(SSL *s)
	{
	return s->kssl_ctx;
	}
22062c4508dfe2bc5b6296c01114ed11ddc64b7718c6digit@chromium.org
/*  Return the client principal string held in a Kerberos context, or NULL
**  when kctx itself is NULL.  The stored pointer is handed back directly
**  (no copy), so the caller must not free it independently of the context.
*/
char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx)
	{
	return (kctx != NULL) ? kctx->client_princ : NULL;
	}
2213c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
2214c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org#else /* !OPENSSL_NO_KRB5 */
2215c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
2216c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org#if defined(PEDANTIC) || defined(OPENSSL_SYS_VMS)
/* Only definition left in this file when Kerberos support is compiled out;
** presumably present so pedantic/VMS compilers do not see an empty
** translation unit -- confirm against the build notes. */
static void *dummy = &dummy;
2218c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org#endif
2219c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
2220c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org#endif	/* !OPENSSL_NO_KRB5	*/
2221c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org
2222