]>
Commit | Line | Data |
---|---|---|
43fcc1b0 RL |
1 | /* ssl/kssl.c -*- mode: C; c-file-style: "eay" -*- */ |
2 | /* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000. | |
3 | */ | |
4 | /* ==================================================================== | |
5 | * Copyright (c) 2000 The OpenSSL Project. All rights reserved. | |
6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | |
10 | * | |
11 | * 1. Redistributions of source code must retain the above copyright | |
12 | * notice, this list of conditions and the following disclaimer. | |
13 | * | |
14 | * 2. Redistributions in binary form must reproduce the above copyright | |
15 | * notice, this list of conditions and the following disclaimer in | |
16 | * the documentation and/or other materials provided with the | |
17 | * distribution. | |
18 | * | |
19 | * 3. All advertising materials mentioning features or use of this | |
20 | * software must display the following acknowledgment: | |
21 | * "This product includes software developed by the OpenSSL Project | |
22 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
23 | * | |
24 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
25 | * endorse or promote products derived from this software without | |
26 | * prior written permission. For written permission, please contact | |
27 | * licensing@OpenSSL.org. | |
28 | * | |
29 | * 5. Products derived from this software may not be called "OpenSSL" | |
30 | * nor may "OpenSSL" appear in their names without prior written | |
31 | * permission of the OpenSSL Project. | |
32 | * | |
33 | * 6. Redistributions of any form whatsoever must retain the following | |
34 | * acknowledgment: | |
35 | * "This product includes software developed by the OpenSSL Project | |
36 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
37 | * | |
38 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
39 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
40 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
41 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
42 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
43 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
44 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
45 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
46 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
47 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
48 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
49 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
50 | * ==================================================================== | |
51 | * | |
52 | * This product includes cryptographic software written by Eric Young | |
53 | * (eay@cryptsoft.com). This product includes software written by Tim | |
54 | * Hudson (tjh@cryptsoft.com). | |
55 | * | |
56 | */ | |
57 | ||
58 | ||
59 | /* ssl/kssl.c -- Routines to support (& debug) Kerberos5 auth for openssl | |
60 | ** | |
61 | ** 19990701 VRS Started. | |
62 | */ | |
63 | ||
7bd51947 | 64 | #include <openssl/opensslconf.h> |
bc36ee62 | 65 | #ifndef OPENSSL_NO_KRB5 |
43fcc1b0 RL |
66 | #include <string.h> |
67 | #include <openssl/ssl.h> | |
68 | ||
f9b3bff6 RL |
69 | /* |
70 | * When OpenSSL is built on Windows, we do not want to require that | |
71 | * the Kerberos DLLs be available in order for the OpenSSL DLLs to | |
72 | * work. Therefore, all Kerberos routines are loaded at run time | |
73 | * and we do not link to a .LIB file. | |
74 | */ | |
75 | ||
bc36ee62 | 76 | #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) |
f9b3bff6 RL |
77 | /* |
78 | * The purpose of the following pre-processor statements is to provide | |
79 | * compatibility with different releases of MIT Kerberos for Windows. | |
80 | * All versions up to 1.2 used macros. But macros do not allow for | |
81 | * a binary compatible interface for DLLs. Therefore, all macros are | |
82 | * being replaced by function calls. The following code will allow | |
83 | * an OpenSSL DLL built on Windows to work whether or not the macro | |
84 | * or function form of the routines are utilized. | |
85 | */ | |
86 | #ifdef krb5_cc_get_principal | |
87 | #define NO_DEF_KRB5_CCACHE | |
88 | #undef krb5_cc_get_principal | |
89 | #endif | |
90 | #define krb5_cc_get_principal kssl_krb5_cc_get_principal | |
91 | ||
92 | #define krb5_free_data_contents kssl_krb5_free_data_contents | |
93 | #define krb5_free_context kssl_krb5_free_context | |
94 | #define krb5_auth_con_free kssl_krb5_auth_con_free | |
95 | #define krb5_free_principal kssl_krb5_free_principal | |
96 | #define krb5_mk_req_extended kssl_krb5_mk_req_extended | |
97 | #define krb5_get_credentials kssl_krb5_get_credentials | |
98 | #define krb5_cc_default kssl_krb5_cc_default | |
99 | #define krb5_sname_to_principal kssl_krb5_sname_to_principal | |
100 | #define krb5_init_context kssl_krb5_init_context | |
101 | #define krb5_free_ticket kssl_krb5_free_ticket | |
102 | #define krb5_rd_req kssl_krb5_rd_req | |
103 | #define krb5_kt_default kssl_krb5_kt_default | |
104 | #define krb5_kt_resolve kssl_krb5_kt_resolve | |
105 | #define krb5_auth_con_init kssl_krb5_auth_con_init | |
106 | ||
107 | /* Prototypes for built in stubs */ | |
108 | void kssl_krb5_free_data_contents(krb5_context, krb5_data *); | |
109 | void kssl_krb5_free_principal(krb5_context, krb5_principal ); | |
110 | krb5_error_code kssl_krb5_kt_resolve(krb5_context, | |
111 | krb5_const char *, | |
112 | krb5_keytab *); | |
113 | krb5_error_code kssl_krb5_kt_default(krb5_context, | |
114 | krb5_keytab *); | |
115 | krb5_error_code kssl_krb5_free_ticket(krb5_context, krb5_ticket *); | |
116 | krb5_error_code kssl_krb5_rd_req(krb5_context, krb5_auth_context *, | |
117 | krb5_const krb5_data *, | |
118 | krb5_const_principal, krb5_keytab, | |
119 | krb5_flags *,krb5_ticket **); | |
120 | krb5_error_code kssl_krb5_mk_req_extended(krb5_context, | |
121 | krb5_auth_context *, | |
122 | krb5_const krb5_flags, | |
123 | krb5_data *, | |
124 | krb5_creds *, | |
125 | krb5_data * ); | |
126 | krb5_error_code kssl_krb5_init_context(krb5_context *); | |
127 | void kssl_krb5_free_context(krb5_context); | |
128 | krb5_error_code kssl_krb5_cc_default(krb5_context,krb5_ccache *); | |
129 | krb5_error_code kssl_krb5_sname_to_principal(krb5_context, | |
130 | krb5_const char *, | |
131 | krb5_const char *, | |
132 | krb5_int32, | |
133 | krb5_principal *); | |
134 | krb5_error_code kssl_krb5_get_credentials(krb5_context, | |
135 | krb5_const krb5_flags, | |
136 | krb5_ccache, | |
137 | krb5_creds *, | |
138 | krb5_creds * *); | |
139 | krb5_error_code kssl_krb5_auth_con_init(krb5_context, | |
140 | krb5_auth_context *); | |
141 | krb5_error_code kssl_krb5_cc_get_principal(krb5_context context, | |
142 | krb5_ccache cache, | |
143 | krb5_principal *principal); | |
144 | krb5_error_code kssl_krb5_auth_con_free(krb5_context,krb5_auth_context); | |
145 | ||
146 | /* Function pointers (almost all Kerberos functions are _stdcall) */ | |
147 | static void (_stdcall *p_krb5_free_data_contents)(krb5_context, krb5_data *)=NULL; | |
148 | static void (_stdcall *p_krb5_free_principal)(krb5_context, krb5_principal )=NULL; | |
149 | static krb5_error_code(_stdcall *p_krb5_kt_resolve)(krb5_context, krb5_const char *, | |
150 | krb5_keytab *)=NULL; | |
151 | static krb5_error_code (_stdcall *p_krb5_kt_default)(krb5_context, | |
152 | krb5_keytab *)=NULL; | |
153 | static krb5_error_code (_stdcall *p_krb5_free_ticket)(krb5_context, | |
154 | krb5_ticket *)=NULL; | |
155 | static krb5_error_code (_stdcall *p_krb5_rd_req)(krb5_context, | |
156 | krb5_auth_context *, | |
157 | krb5_const krb5_data *, | |
158 | krb5_const_principal, | |
159 | krb5_keytab, krb5_flags *, | |
160 | krb5_ticket **)=NULL; | |
161 | static krb5_error_code (_stdcall *p_krb5_mk_req_extended) (krb5_context, | |
162 | krb5_auth_context *, | |
163 | krb5_const krb5_flags, | |
164 | krb5_data *, | |
165 | krb5_creds *, | |
166 | krb5_data * )=NULL; | |
167 | static krb5_error_code (_stdcall *p_krb5_init_context)(krb5_context *)=NULL; | |
168 | static void (_stdcall *p_krb5_free_context)(krb5_context)=NULL; | |
169 | static krb5_error_code (_stdcall *p_krb5_cc_default)(krb5_context, | |
170 | krb5_ccache *)=NULL; | |
171 | static krb5_error_code (_stdcall *p_krb5_sname_to_principal)(krb5_context, | |
172 | krb5_const char *, | |
173 | krb5_const char *, | |
174 | krb5_int32, | |
175 | krb5_principal *)=NULL; | |
176 | static krb5_error_code (_stdcall *p_krb5_get_credentials)(krb5_context, | |
177 | krb5_const krb5_flags, | |
178 | krb5_ccache, | |
179 | krb5_creds *, | |
180 | krb5_creds * *)=NULL; | |
181 | static krb5_error_code (_stdcall *p_krb5_auth_con_init)(krb5_context, | |
182 | krb5_auth_context *)=NULL; | |
183 | static krb5_error_code (_stdcall *p_krb5_cc_get_principal)(krb5_context context, | |
184 | krb5_ccache cache, | |
185 | krb5_principal *principal)=NULL; | |
186 | static krb5_error_code (_stdcall *p_krb5_auth_con_free)(krb5_context, | |
187 | krb5_auth_context)=NULL; | |
188 | static int krb5_loaded = 0; /* only attempt to initialize func ptrs once */ | |
189 | ||
190 | /* Function to Load the Kerberos 5 DLL and initialize function pointers */ | |
191 | void | |
192 | load_krb5_dll(void) | |
193 | { | |
194 | HANDLE hKRB5_32; | |
195 | ||
196 | krb5_loaded++; | |
197 | hKRB5_32 = LoadLibrary("KRB5_32"); | |
198 | if (!hKRB5_32) | |
199 | return; | |
200 | ||
201 | (FARPROC) p_krb5_free_data_contents = | |
202 | GetProcAddress( hKRB5_32, "krb5_free_data_contents" ); | |
203 | (FARPROC) p_krb5_free_context = | |
204 | GetProcAddress( hKRB5_32, "krb5_free_context" ); | |
205 | (FARPROC) p_krb5_auth_con_free = | |
206 | GetProcAddress( hKRB5_32, "krb5_auth_con_free" ); | |
207 | (FARPROC) p_krb5_free_principal = | |
208 | GetProcAddress( hKRB5_32, "krb5_free_principal" ); | |
209 | (FARPROC) p_krb5_mk_req_extended = | |
210 | GetProcAddress( hKRB5_32, "krb5_mk_req_extended" ); | |
211 | (FARPROC) p_krb5_get_credentials = | |
212 | GetProcAddress( hKRB5_32, "krb5_get_credentials" ); | |
213 | (FARPROC) p_krb5_cc_get_principal = | |
214 | GetProcAddress( hKRB5_32, "krb5_cc_get_principal" ); | |
215 | (FARPROC) p_krb5_cc_default = | |
216 | GetProcAddress( hKRB5_32, "krb5_cc_default" ); | |
217 | (FARPROC) p_krb5_sname_to_principal = | |
218 | GetProcAddress( hKRB5_32, "krb5_sname_to_principal" ); | |
219 | (FARPROC) p_krb5_init_context = | |
220 | GetProcAddress( hKRB5_32, "krb5_init_context" ); | |
221 | (FARPROC) p_krb5_free_ticket = | |
222 | GetProcAddress( hKRB5_32, "krb5_free_ticket" ); | |
223 | (FARPROC) p_krb5_rd_req = | |
224 | GetProcAddress( hKRB5_32, "krb5_rd_req" ); | |
225 | (FARPROC) p_krb5_kt_default = | |
226 | GetProcAddress( hKRB5_32, "krb5_kt_default" ); | |
227 | (FARPROC) p_krb5_kt_resolve = | |
228 | GetProcAddress( hKRB5_32, "krb5_kt_resolve" ); | |
229 | (FARPROC) p_krb5_auth_con_init = | |
230 | GetProcAddress( hKRB5_32, "krb5_auth_con_init" ); | |
231 | } | |
232 | ||
233 | /* Stubs for each function to be dynamicly loaded */ | |
234 | void | |
235 | kssl_krb5_free_data_contents(krb5_context CO, krb5_data * data) | |
236 | { | |
237 | if (!krb5_loaded) | |
238 | load_krb5_dll(); | |
239 | ||
240 | if ( p_krb5_free_data_contents ) | |
241 | p_krb5_free_data_contents(CO,data); | |
242 | } | |
243 | ||
244 | krb5_error_code | |
245 | kssl_krb5_mk_req_extended (krb5_context CO, | |
246 | krb5_auth_context * pACO, | |
247 | krb5_const krb5_flags F, | |
248 | krb5_data * pD1, | |
249 | krb5_creds * pC, | |
250 | krb5_data * pD2) | |
251 | { | |
252 | if (!krb5_loaded) | |
253 | load_krb5_dll(); | |
254 | ||
255 | if ( p_krb5_mk_req_extended ) | |
256 | return(p_krb5_mk_req_extended(CO,pACO,F,pD1,pC,pD2)); | |
257 | else | |
258 | return KRB5KRB_ERR_GENERIC; | |
259 | } | |
260 | krb5_error_code | |
261 | kssl_krb5_auth_con_init(krb5_context CO, | |
262 | krb5_auth_context * pACO) | |
263 | { | |
264 | if (!krb5_loaded) | |
265 | load_krb5_dll(); | |
266 | ||
267 | if ( p_krb5_auth_con_init ) | |
268 | return(p_krb5_auth_con_init(CO,pACO)); | |
269 | else | |
270 | return KRB5KRB_ERR_GENERIC; | |
271 | } | |
272 | krb5_error_code | |
273 | kssl_krb5_auth_con_free (krb5_context CO, | |
274 | krb5_auth_context ACO) | |
275 | { | |
276 | if (!krb5_loaded) | |
277 | load_krb5_dll(); | |
278 | ||
279 | if ( p_krb5_auth_con_free ) | |
280 | return(p_krb5_auth_con_free(CO,ACO)); | |
281 | else | |
282 | return KRB5KRB_ERR_GENERIC; | |
283 | } | |
284 | krb5_error_code | |
285 | kssl_krb5_get_credentials(krb5_context CO, | |
286 | krb5_const krb5_flags F, | |
287 | krb5_ccache CC, | |
288 | krb5_creds * pCR, | |
289 | krb5_creds ** ppCR) | |
290 | { | |
291 | if (!krb5_loaded) | |
292 | load_krb5_dll(); | |
293 | ||
294 | if ( p_krb5_get_credentials ) | |
295 | return(p_krb5_get_credentials(CO,F,CC,pCR,ppCR)); | |
296 | else | |
297 | return KRB5KRB_ERR_GENERIC; | |
298 | } | |
299 | krb5_error_code | |
300 | kssl_krb5_sname_to_principal(krb5_context CO, | |
301 | krb5_const char * pC1, | |
302 | krb5_const char * pC2, | |
303 | krb5_int32 I, | |
304 | krb5_principal * pPR) | |
305 | { | |
306 | if (!krb5_loaded) | |
307 | load_krb5_dll(); | |
308 | ||
309 | if ( p_krb5_sname_to_principal ) | |
310 | return(p_krb5_sname_to_principal(CO,pC1,pC2,I,pPR)); | |
311 | else | |
312 | return KRB5KRB_ERR_GENERIC; | |
313 | } | |
314 | ||
315 | krb5_error_code | |
316 | kssl_krb5_cc_default(krb5_context CO, | |
317 | krb5_ccache * pCC) | |
318 | { | |
319 | if (!krb5_loaded) | |
320 | load_krb5_dll(); | |
321 | ||
322 | if ( p_krb5_cc_default ) | |
323 | return(p_krb5_cc_default(CO,pCC)); | |
324 | else | |
325 | return KRB5KRB_ERR_GENERIC; | |
326 | } | |
327 | ||
328 | krb5_error_code | |
329 | kssl_krb5_init_context(krb5_context * pCO) | |
330 | { | |
331 | if (!krb5_loaded) | |
332 | load_krb5_dll(); | |
333 | ||
334 | if ( p_krb5_init_context ) | |
335 | return(p_krb5_init_context(pCO)); | |
336 | else | |
337 | return KRB5KRB_ERR_GENERIC; | |
338 | } | |
339 | ||
340 | void | |
341 | kssl_krb5_free_context(krb5_context CO) | |
342 | { | |
343 | if (!krb5_loaded) | |
344 | load_krb5_dll(); | |
345 | ||
346 | if ( p_krb5_free_context ) | |
347 | p_krb5_free_context(CO); | |
348 | } | |
349 | ||
350 | void | |
351 | kssl_krb5_free_principal(krb5_context c, krb5_principal p) | |
352 | { | |
353 | if (!krb5_loaded) | |
354 | load_krb5_dll(); | |
355 | ||
356 | if ( p_krb5_free_principal ) | |
357 | p_krb5_free_principal(c,p); | |
358 | } | |
359 | ||
360 | krb5_error_code | |
361 | kssl_krb5_kt_resolve(krb5_context con, | |
362 | krb5_const char * sz, | |
363 | krb5_keytab * kt) | |
364 | { | |
365 | if (!krb5_loaded) | |
366 | load_krb5_dll(); | |
367 | ||
368 | if ( p_krb5_kt_resolve ) | |
369 | return(p_krb5_kt_resolve(con,sz,kt)); | |
370 | else | |
371 | return KRB5KRB_ERR_GENERIC; | |
372 | } | |
373 | ||
374 | krb5_error_code | |
375 | kssl_krb5_kt_default(krb5_context con, | |
376 | krb5_keytab * kt) | |
377 | { | |
378 | if (!krb5_loaded) | |
379 | load_krb5_dll(); | |
380 | ||
381 | if ( p_krb5_kt_default ) | |
382 | return(p_krb5_kt_default(con,kt)); | |
383 | else | |
384 | return KRB5KRB_ERR_GENERIC; | |
385 | } | |
386 | ||
387 | krb5_error_code | |
388 | kssl_krb5_free_ticket(krb5_context con, | |
389 | krb5_ticket * kt) | |
390 | { | |
391 | if (!krb5_loaded) | |
392 | load_krb5_dll(); | |
393 | ||
394 | if ( p_krb5_free_ticket ) | |
395 | return(p_krb5_free_ticket(con,kt)); | |
396 | else | |
397 | return KRB5KRB_ERR_GENERIC; | |
398 | } | |
399 | ||
400 | krb5_error_code | |
401 | kssl_krb5_rd_req(krb5_context con, krb5_auth_context * pacon, | |
402 | krb5_const krb5_data * data, | |
403 | krb5_const_principal princ, krb5_keytab keytab, | |
404 | krb5_flags * flags, krb5_ticket ** pptkt) | |
405 | { | |
406 | if (!krb5_loaded) | |
407 | load_krb5_dll(); | |
408 | ||
409 | if ( p_krb5_rd_req ) | |
410 | return(p_krb5_rd_req(con,pacon,data,princ,keytab,flags,pptkt)); | |
411 | else | |
412 | return KRB5KRB_ERR_GENERIC; | |
413 | } | |
414 | ||
415 | /* Structure definitions */ | |
416 | #ifndef NO_DEF_KRB5_CCACHE | |
417 | #ifndef krb5_x | |
418 | #define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1)) | |
419 | #define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0)) | |
420 | #endif | |
421 | ||
422 | typedef krb5_pointer krb5_cc_cursor; /* cursor for sequential lookup */ | |
423 | ||
424 | typedef struct _krb5_ccache | |
425 | { | |
426 | krb5_magic magic; | |
427 | struct _krb5_cc_ops FAR *ops; | |
428 | krb5_pointer data; | |
429 | } *krb5_ccache; | |
430 | ||
431 | typedef struct _krb5_cc_ops | |
432 | { | |
433 | krb5_magic magic; | |
434 | char *prefix; | |
435 | char * (KRB5_CALLCONV *get_name) KRB5_NPROTOTYPE((krb5_context, krb5_ccache)); | |
436 | krb5_error_code (KRB5_CALLCONV *resolve) KRB5_NPROTOTYPE((krb5_context, krb5_ccache *, | |
437 | const char *)); | |
438 | krb5_error_code (KRB5_CALLCONV *gen_new) KRB5_NPROTOTYPE((krb5_context, krb5_ccache *)); | |
439 | krb5_error_code (KRB5_CALLCONV *init) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, | |
440 | krb5_principal)); | |
441 | krb5_error_code (KRB5_CALLCONV *destroy) KRB5_NPROTOTYPE((krb5_context, krb5_ccache)); | |
442 | krb5_error_code (KRB5_CALLCONV *close) KRB5_NPROTOTYPE((krb5_context, krb5_ccache)); | |
443 | krb5_error_code (KRB5_CALLCONV *store) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, | |
444 | krb5_creds *)); | |
445 | krb5_error_code (KRB5_CALLCONV *retrieve) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, | |
446 | krb5_flags, krb5_creds *, | |
447 | krb5_creds *)); | |
448 | krb5_error_code (KRB5_CALLCONV *get_princ) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, | |
449 | krb5_principal *)); | |
450 | krb5_error_code (KRB5_CALLCONV *get_first) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, | |
451 | krb5_cc_cursor *)); | |
452 | krb5_error_code (KRB5_CALLCONV *get_next) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, | |
453 | krb5_cc_cursor *, krb5_creds *)); | |
454 | krb5_error_code (KRB5_CALLCONV *end_get) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, | |
455 | krb5_cc_cursor *)); | |
456 | krb5_error_code (KRB5_CALLCONV *remove_cred) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, | |
457 | krb5_flags, krb5_creds *)); | |
458 | krb5_error_code (KRB5_CALLCONV *set_flags) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, | |
459 | krb5_flags)); | |
460 | } krb5_cc_ops; | |
461 | #endif /* NO_DEF_KRB5_CCACHE */ | |
462 | ||
463 | krb5_error_code | |
464 | kssl_krb5_cc_get_principal | |
465 | (krb5_context context, krb5_ccache cache, | |
466 | krb5_principal *principal) | |
467 | { | |
468 | if ( p_krb5_cc_get_principal ) | |
469 | return(p_krb5_cc_get_principal(context,cache,principal)); | |
470 | else | |
471 | return(krb5_x ((cache)->ops->get_princ,(context, cache, principal))); | |
472 | } | |
bc36ee62 | 473 | #endif /* OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32 */ |
f9b3bff6 | 474 | |
43fcc1b0 RL |
475 | char |
476 | *kstring(char *string) | |
477 | { | |
478 | static char *null = "[NULL]"; | |
479 | ||
480 | return ((string == NULL)? null: string); | |
481 | } | |
482 | ||
483 | #define MAXKNUM 255 | |
484 | char | |
485 | *knumber(int len, krb5_octet *contents) | |
486 | { | |
487 | static char buf[MAXKNUM+1]; | |
488 | int i; | |
489 | ||
490 | BIO_snprintf(buf, MAXKNUM, "[%d] ", len); | |
491 | ||
492 | for (i=0; i < len && MAXKNUM > strlen(buf)+3; i++) | |
493 | { | |
494 | BIO_snprintf(&buf[strlen(buf)], 3, "%02x", contents[i]); | |
495 | } | |
496 | ||
497 | return (buf); | |
f9b3bff6 | 498 | } |
43fcc1b0 RL |
499 | |
500 | ||
501 | /* Set kssl_err error info when reason text is a simple string | |
502 | ** kssl_err = struct { int reason; char text[KSSL_ERR_MAX+1]; } | |
503 | */ | |
504 | void | |
505 | kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text) | |
506 | { | |
507 | if (kssl_err == NULL) return; | |
508 | ||
509 | kssl_err->reason = reason; | |
510 | BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, text); | |
511 | return; | |
512 | } | |
513 | ||
514 | ||
515 | /* Display contents of krb5_data struct, for debugging | |
516 | */ | |
517 | void | |
518 | print_krb5_data(char *label, krb5_data *kdata) | |
519 | { | |
520 | int i; | |
521 | ||
522 | printf("%s[%d] ", label, kdata->length); | |
523 | for (i=0; i < kdata->length; i++) | |
524 | { | |
525 | if (isprint((int) kdata->data[i])) | |
526 | printf( "%c ", kdata->data[i]); | |
527 | else | |
528 | printf( "%02x", kdata->data[i]); | |
529 | } | |
530 | printf("\n"); | |
531 | } | |
532 | ||
533 | ||
534 | /* Display contents of krb5_authdata struct, for debugging | |
535 | */ | |
536 | void | |
537 | print_krb5_authdata(char *label, krb5_authdata **adata) | |
538 | { | |
539 | if (adata == NULL) | |
540 | { | |
541 | printf("%s, authdata==0\n", label); | |
542 | return; | |
543 | } | |
544 | printf("%s [%p]\n", label, adata); | |
545 | #if 0 | |
546 | { | |
547 | int i; | |
548 | printf("%s[at%d:%d] ", label, adata->ad_type, adata->length); | |
549 | for (i=0; i < adata->length; i++) | |
550 | { | |
551 | printf((isprint(adata->contents[i]))? "%c ": "%02x", | |
552 | adata->contents[i]); | |
553 | } | |
554 | printf("\n"); | |
555 | } | |
556 | #endif | |
f9b3bff6 | 557 | } |
43fcc1b0 RL |
558 | |
559 | ||
560 | /* Display contents of krb5_keyblock struct, for debugging | |
561 | */ | |
562 | void | |
563 | print_krb5_keyblock(char *label, krb5_keyblock *keyblk) | |
564 | { | |
565 | int i; | |
566 | ||
567 | if (keyblk == NULL) | |
568 | { | |
569 | printf("%s, keyblk==0\n", label); | |
570 | return; | |
571 | } | |
f9b3bff6 RL |
572 | #ifdef KRB5_HEIMDAL |
573 | printf("%s\n\t[et%d:%d]: ", label, keyblk->keytype, keyblk->keyvalue->length); | |
574 | for (i=0; i < keyblk->keyvalue->length; i++) | |
575 | { | |
576 | printf("%02x",(unsigned char *)(keyblk->keyvalue->contents)[i]); | |
577 | } | |
578 | printf("\n"); | |
579 | #else | |
43fcc1b0 RL |
580 | printf("%s\n\t[et%d:%d]: ", label, keyblk->enctype, keyblk->length); |
581 | for (i=0; i < keyblk->length; i++) | |
582 | { | |
583 | printf("%02x",keyblk->contents[i]); | |
584 | } | |
585 | printf("\n"); | |
f9b3bff6 | 586 | #endif |
43fcc1b0 RL |
587 | } |
588 | ||
589 | ||
590 | /* Given krb5 service (typically "kssl") and hostname in kssl_ctx, | |
591 | ** Create Kerberos AP_REQ message for SSL Client. | |
592 | ** | |
593 | ** 19990628 VRS Started. | |
594 | */ | |
595 | krb5_error_code | |
596 | kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, | |
597 | /* OUT */ krb5_data *krb5_app_req, KSSL_ERR *kssl_err) | |
f9b3bff6 | 598 | { |
43fcc1b0 RL |
599 | krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC; |
600 | krb5_context krb5context = NULL; | |
601 | krb5_auth_context krb5auth_context = NULL; | |
602 | krb5_ccache krb5ccdef = NULL; | |
603 | krb5_creds krb5creds, *krb5credsp = NULL; | |
604 | krb5_data krb5in_data; | |
605 | ||
606 | kssl_err_set(kssl_err, 0, ""); | |
607 | memset((char *)&krb5creds, 0, sizeof(krb5creds)); | |
608 | ||
609 | if (!kssl_ctx) | |
610 | { | |
611 | kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, | |
612 | "No kssl_ctx defined.\n"); | |
613 | goto err; | |
614 | } | |
615 | else if (!kssl_ctx->service_host) | |
616 | { | |
617 | kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, | |
618 | "kssl_ctx service_host undefined.\n"); | |
619 | goto err; | |
620 | } | |
621 | ||
622 | if ((krb5rc = krb5_init_context(&krb5context)) != 0) | |
623 | { | |
624 | BIO_snprintf(kssl_err->text,KSSL_ERR_MAX, | |
625 | "krb5_init_context() fails: %d\n", krb5rc); | |
626 | kssl_err->reason = SSL_R_KRB5_C_INIT; | |
627 | goto err; | |
628 | } | |
629 | ||
630 | if ((krb5rc = krb5_sname_to_principal(krb5context, | |
631 | kssl_ctx->service_host, | |
632 | (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC, | |
633 | KRB5_NT_SRV_HST, &krb5creds.server)) != 0) | |
634 | { | |
635 | BIO_snprintf(kssl_err->text,KSSL_ERR_MAX, | |
636 | "krb5_sname_to_principal() fails for %s/%s\n", | |
637 | kssl_ctx->service_host, | |
638 | (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC); | |
639 | kssl_err->reason = SSL_R_KRB5_C_INIT; | |
640 | goto err; | |
641 | } | |
642 | ||
643 | if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0) | |
644 | { | |
645 | kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC, | |
646 | "krb5_cc_default fails.\n"); | |
647 | goto err; | |
648 | } | |
649 | ||
650 | if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef, | |
651 | &krb5creds.client)) != 0) | |
652 | { | |
653 | kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC, | |
654 | "krb5_cc_get_principal() fails.\n"); | |
655 | goto err; | |
656 | } | |
657 | ||
658 | if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef, | |
659 | &krb5creds, &krb5credsp)) != 0) | |
660 | { | |
661 | kssl_err_set(kssl_err, SSL_R_KRB5_C_GET_CRED, | |
662 | "krb5_get_credentials() fails.\n"); | |
663 | goto err; | |
664 | } | |
665 | ||
666 | krb5in_data.data = NULL; | |
667 | krb5in_data.length = 0; | |
668 | ||
669 | krb5rc = KRB5KRB_ERR_GENERIC; | |
670 | /* caller should free data of krb5_app_req */ | |
671 | if ((krb5rc = krb5_mk_req_extended(krb5context, &krb5auth_context, | |
672 | 0, &krb5in_data, krb5credsp, krb5_app_req)) != 0) | |
673 | { | |
674 | kssl_err_set(kssl_err, SSL_R_KRB5_C_MK_REQ, | |
675 | "krb5_mk_req_extended() fails.\n"); | |
676 | goto err; | |
677 | } | |
f9b3bff6 RL |
678 | #ifdef KRB5_HEIMDAL |
679 | else if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->session)) | |
680 | { | |
681 | kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT, | |
682 | "kssl_ctx_setkey() fails.\n"); | |
683 | } | |
684 | #else | |
43fcc1b0 RL |
685 | else if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->keyblock)) |
686 | { | |
687 | kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT, | |
688 | "kssl_ctx_setkey() fails.\n"); | |
689 | } | |
f9b3bff6 | 690 | #endif |
43fcc1b0 RL |
691 | else krb5rc = 0; |
692 | ||
693 | err: | |
694 | #ifdef KSSL_DEBUG | |
695 | kssl_ctx_show(kssl_ctx); | |
696 | #endif /* KSSL_DEBUG */ | |
697 | ||
698 | if (krb5creds.client) krb5_free_principal(krb5context, krb5creds.client); | |
699 | if (krb5creds.server) krb5_free_principal(krb5context, krb5creds.server); | |
700 | if (krb5auth_context) krb5_auth_con_free(krb5context, krb5auth_context); | |
701 | if (krb5context) krb5_free_context(krb5context); | |
702 | return (krb5rc); | |
f9b3bff6 | 703 | } |
43fcc1b0 RL |
704 | |
705 | ||
706 | /* Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"), | |
707 | ** and krb5 AP_REQ message & message length, | |
708 | ** Return Kerberos session key and client principle | |
709 | ** to SSL Server in KSSL_CTX *kssl_ctx. | |
710 | ** | |
711 | ** 19990702 VRS Started. | |
712 | */ | |
713 | krb5_error_code | |
714 | kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, | |
715 | /* IN */ char *msg, int msglen, | |
716 | /* OUT */ KSSL_ERR *kssl_err ) | |
717 | { | |
718 | krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC; | |
719 | static krb5_context krb5context = NULL; | |
720 | static krb5_auth_context krb5auth_context = NULL; | |
721 | krb5_ticket *krb5ticket = NULL; | |
722 | krb5_keytab krb5keytab = NULL; | |
723 | krb5_principal krb5server; | |
724 | krb5_data krb5in_data; | |
725 | krb5_flags ap_option; | |
726 | ||
727 | kssl_err_set(kssl_err, 0, ""); | |
728 | ||
729 | if (!kssl_ctx) | |
730 | { | |
731 | kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, "No kssl_ctx defined.\n"); | |
732 | goto err; | |
733 | } | |
734 | ||
735 | #ifdef KSSL_DEBUG | |
736 | printf("in kssl_sget_tkt(%s)\n", kstring(kssl_ctx->service_name)); | |
737 | #endif /* KSSL_DEBUG */ | |
738 | ||
739 | if (!krb5context && (krb5rc = krb5_init_context(&krb5context))) | |
740 | { | |
741 | kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, | |
742 | "krb5_init_context() fails.\n"); | |
743 | goto err; | |
744 | } | |
745 | if (krb5auth_context && | |
746 | (krb5rc = krb5_auth_con_free(krb5context, krb5auth_context))) | |
747 | { | |
748 | kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, | |
749 | "krb5_auth_con_free() fails.\n"); | |
750 | goto err; | |
751 | } | |
752 | else krb5auth_context = NULL; | |
753 | if (!krb5auth_context && | |
754 | (krb5rc = krb5_auth_con_init(krb5context, &krb5auth_context))) | |
755 | { | |
756 | kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, | |
757 | "krb5_auth_con_init() fails.\n"); | |
758 | goto err; | |
759 | } | |
760 | ||
761 | if ((krb5rc = krb5_sname_to_principal(krb5context, NULL, | |
762 | (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC, | |
763 | KRB5_NT_SRV_HST, &krb5server)) != 0) | |
764 | { | |
765 | kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, | |
766 | "krb5_sname_to_principal() fails.\n"); | |
767 | goto err; | |
768 | } | |
769 | ||
f9b3bff6 | 770 | /* kssl_ctx->keytab_file == NULL ==> use Kerberos default |
43fcc1b0 | 771 | */ |
f9b3bff6 RL |
772 | if (kssl_ctx->keytab_file) |
773 | { | |
774 | krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file, | |
775 | &krb5keytab); | |
3e7a6396 | 776 | if (krb5rc) |
f9b3bff6 RL |
777 | { |
778 | kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, | |
779 | "krb5_kt_resolve() fails.\n"); | |
780 | goto err; | |
781 | } | |
782 | } | |
783 | else | |
784 | { | |
785 | krb5rc = krb5_kt_default(krb5context,&krb5keytab); | |
786 | if (krb5rc) | |
787 | { | |
788 | kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, | |
789 | "krb5_kt_default() fails.\n"); | |
790 | goto err; | |
791 | } | |
792 | } | |
43fcc1b0 RL |
793 | |
794 | /* Actual Kerberos5 krb5_recvauth() has initial conversation here | |
795 | ** o check KRB5_SENDAUTH_BADAUTHVERS unless KRB5_RECVAUTH_SKIP_VERSION | |
796 | ** o check KRB5_SENDAUTH_BADAPPLVERS | |
797 | ** o send "0" msg if all OK | |
798 | */ | |
799 | ||
800 | krb5in_data.data = msg; | |
801 | krb5in_data.length = msglen; | |
802 | if ((krb5rc = krb5_rd_req(krb5context, &krb5auth_context, &krb5in_data, | |
f9b3bff6 | 803 | krb5server, krb5keytab, &ap_option, &krb5ticket)) != 0) |
43fcc1b0 RL |
804 | { |
805 | BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, | |
806 | "krb5_rd_req() fails with %x.\n", krb5rc); | |
807 | kssl_err->reason = SSL_R_KRB5_S_RD_REQ; | |
808 | goto err; | |
809 | } | |
810 | ||
811 | krb5rc = KRB5_NO_TKT_SUPPLIED; | |
812 | if (!krb5ticket || !krb5ticket->enc_part2 || | |
813 | !krb5ticket->enc_part2->client || | |
814 | !krb5ticket->enc_part2->client->data || | |
815 | !krb5ticket->enc_part2->session) | |
816 | { | |
817 | kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET, | |
818 | "bad ticket from krb5_rd_req.\n"); | |
819 | } | |
820 | else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT, | |
821 | &krb5ticket->enc_part2->client->realm, | |
822 | krb5ticket->enc_part2->client->data)) | |
823 | { | |
824 | kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET, | |
825 | "kssl_ctx_setprinc() fails.\n"); | |
826 | } | |
827 | else if (kssl_ctx_setkey(kssl_ctx, krb5ticket->enc_part2->session)) | |
828 | { | |
829 | kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET, | |
830 | "kssl_ctx_setkey() fails.\n"); | |
831 | } | |
832 | else krb5rc = 0; | |
833 | ||
834 | err: | |
835 | #ifdef KSSL_DEBUG | |
836 | kssl_ctx_show(kssl_ctx); | |
837 | #endif /* KSSL_DEBUG */ | |
838 | ||
f9b3bff6 | 839 | if (krb5keytab) krb5_kt_close(krb5context, krb5keytab); |
43fcc1b0 RL |
840 | if (krb5ticket) krb5_free_ticket(krb5context, krb5ticket); |
841 | if (krb5server) krb5_free_principal(krb5context, krb5server); | |
842 | return (krb5rc); | |
843 | } | |
844 | ||
845 | ||
846 | /* Allocate & return a new kssl_ctx struct. | |
847 | */ | |
848 | KSSL_CTX * | |
849 | kssl_ctx_new(void) | |
850 | { | |
851 | return ((KSSL_CTX *) calloc(1, sizeof(KSSL_CTX))); | |
852 | } | |
853 | ||
854 | ||
855 | /* Frees a kssl_ctx struct and any allocated memory it holds. | |
856 | ** Returns NULL. | |
857 | */ | |
858 | KSSL_CTX * | |
859 | kssl_ctx_free(KSSL_CTX *kssl_ctx) | |
860 | { | |
861 | if (kssl_ctx == NULL) return kssl_ctx; | |
862 | ||
863 | if (kssl_ctx->key) memset(kssl_ctx->key, 0, kssl_ctx->length); | |
864 | if (kssl_ctx->key) free(kssl_ctx->key); | |
865 | if (kssl_ctx->client_princ) free(kssl_ctx->client_princ); | |
866 | if (kssl_ctx->service_host) free(kssl_ctx->service_host); | |
867 | if (kssl_ctx->service_name) free(kssl_ctx->service_name); | |
868 | if (kssl_ctx->keytab_file) free(kssl_ctx->keytab_file); | |
869 | ||
870 | free(kssl_ctx); | |
871 | return (KSSL_CTX *) NULL; | |
872 | } | |
873 | ||
874 | ||
875 | /* Given a (krb5_data *) entity (and optional realm), | |
876 | ** set the plain (char *) client_princ or service_host member | |
877 | ** of the kssl_ctx struct. | |
878 | */ | |
879 | krb5_error_code | |
880 | kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, | |
881 | krb5_data *realm, krb5_data *entity) | |
882 | { | |
883 | char **princ; | |
884 | int length; | |
885 | ||
886 | if (kssl_ctx == NULL || entity == NULL) return KSSL_CTX_ERR; | |
887 | ||
888 | switch (which) | |
889 | { | |
890 | case KSSL_CLIENT: princ = &kssl_ctx->client_princ; break; | |
891 | case KSSL_SERVER: princ = &kssl_ctx->service_host; break; | |
892 | default: return KSSL_CTX_ERR; break; | |
893 | } | |
894 | if (*princ) free(*princ); | |
895 | ||
896 | length = entity->length + ((realm)? realm->length + 2: 1); | |
f9b3bff6 RL |
897 | if ((*princ = calloc(1, length)) == NULL) |
898 | return KSSL_CTX_ERR; | |
43fcc1b0 RL |
899 | else |
900 | { | |
901 | strncpy(*princ, entity->data, entity->length); | |
902 | if (realm) | |
903 | { | |
904 | strcat (*princ, "@"); | |
905 | (void) strncat(*princ, realm->data, realm->length); | |
906 | } | |
907 | } | |
908 | ||
909 | return KSSL_CTX_OK; | |
910 | } | |
911 | ||
912 | ||
913 | /* Set one of the plain (char *) string members of the kssl_ctx struct. | |
914 | ** Default values should be: | |
f9b3bff6 RL |
915 | ** which == KSSL_SERVICE => "khost" (KRB5SVC) |
916 | ** which == KSSL_KEYTAB => "/etc/krb5.keytab" (KRB5KEYTAB) | |
43fcc1b0 RL |
917 | */ |
918 | krb5_error_code | |
919 | kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text) | |
920 | { | |
921 | char **string; | |
922 | ||
923 | if (!kssl_ctx) return KSSL_CTX_ERR; | |
924 | ||
925 | switch (which) | |
926 | { | |
927 | case KSSL_SERVICE: string = &kssl_ctx->service_name; break; | |
928 | case KSSL_SERVER: string = &kssl_ctx->service_host; break; | |
929 | case KSSL_CLIENT: string = &kssl_ctx->client_princ; break; | |
930 | case KSSL_KEYTAB: string = &kssl_ctx->keytab_file; break; | |
931 | default: return KSSL_CTX_ERR; break; | |
932 | } | |
933 | if (*string) free(*string); | |
934 | ||
935 | if (!text) | |
936 | { | |
937 | *string = '\0'; | |
938 | return KSSL_CTX_OK; | |
939 | } | |
940 | ||
f9b3bff6 RL |
941 | if ((*string = calloc(1, strlen(text) + 1)) == NULL) |
942 | return KSSL_CTX_ERR; | |
943 | else | |
944 | strcpy(*string, text); | |
43fcc1b0 RL |
945 | |
946 | return KSSL_CTX_OK; | |
947 | } | |
948 | ||
949 | ||
950 | /* Copy the Kerberos session key from a (krb5_keyblock *) to a kssl_ctx | |
951 | ** struct. Clear kssl_ctx->key if Kerberos session key is NULL. | |
952 | */ | |
953 | krb5_error_code | |
954 | kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session) | |
955 | { | |
956 | if (!kssl_ctx) return KSSL_CTX_ERR; | |
957 | ||
958 | if (kssl_ctx->key) | |
959 | { | |
960 | memset(kssl_ctx->key, 0, kssl_ctx->length); | |
961 | free(kssl_ctx->key); | |
962 | } | |
963 | ||
964 | if (session) | |
965 | { | |
966 | kssl_ctx->enctype = session->enctype; | |
967 | kssl_ctx->length = session->length; | |
968 | } | |
969 | else | |
970 | { | |
971 | kssl_ctx->enctype = ENCTYPE_UNKNOWN; | |
972 | kssl_ctx->length = 0; | |
973 | return KSSL_CTX_OK; | |
974 | } | |
975 | ||
976 | if ((kssl_ctx->key = | |
977 | (krb5_octet FAR *) calloc(1, kssl_ctx->length)) == NULL) | |
978 | { | |
979 | kssl_ctx->length = 0; | |
980 | return KSSL_CTX_ERR; | |
981 | } | |
f9b3bff6 RL |
982 | else |
983 | memcpy(kssl_ctx->key, session->contents, session->length); | |
43fcc1b0 RL |
984 | |
985 | return KSSL_CTX_OK; | |
986 | } | |
987 | ||
988 | ||
989 | /* Display contents of kssl_ctx struct | |
990 | */ | |
991 | void | |
992 | kssl_ctx_show(KSSL_CTX *kssl_ctx) | |
993 | { | |
994 | int i; | |
995 | ||
996 | printf("kssl_ctx: "); | |
997 | if (kssl_ctx == NULL) | |
998 | { | |
999 | printf("NULL\n"); | |
1000 | return; | |
1001 | } | |
f9b3bff6 RL |
1002 | else |
1003 | printf("%p\n", kssl_ctx); | |
43fcc1b0 RL |
1004 | |
1005 | printf("\tservice:\t%s\n", | |
1006 | (kssl_ctx->service_name)? kssl_ctx->service_name: "NULL"); | |
1007 | printf("\tclient:\t%s\n", | |
1008 | (kssl_ctx->client_princ)? kssl_ctx->client_princ: "NULL"); | |
1009 | printf("\tserver:\t%s\n", | |
1010 | (kssl_ctx->service_host)? kssl_ctx->service_host: "NULL"); | |
1011 | printf("\tkeytab:\t%s\n", | |
1012 | (kssl_ctx->keytab_file)? kssl_ctx->keytab_file: "NULL"); | |
1013 | printf("\tkey [%d:%d]:\t", | |
1014 | kssl_ctx->enctype, kssl_ctx->length); | |
1015 | ||
1016 | for (i=0; i < kssl_ctx->length && kssl_ctx->key; i++) | |
1017 | { | |
1018 | printf("%02x", kssl_ctx->key[i]); | |
1019 | } | |
1020 | printf("\n"); | |
1021 | return; | |
1022 | } | |
1023 | ||
f9b3bff6 RL |
1024 | void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data) |
1025 | { | |
1026 | #ifdef KRB5_HEIMDAL | |
1027 | data->length = 0; | |
1028 | free(data->if (data->data) data); | |
1029 | #else | |
1030 | krb5_free_data_contents(NULL, data); | |
1031 | #endif | |
1032 | } | |
1033 | ||
bc36ee62 | 1034 | #else /* !OPENSSL_NO_KRB5 */ |
b0dc680f BL |
1035 | |
1036 | #ifdef PEDANTIC | |
1037 | static int dummy=(int)&dummy; | |
1038 | #endif | |
1039 | ||
bc36ee62 | 1040 | #endif /* !OPENSSL_NO_KRB5 */ |
43fcc1b0 | 1041 |