Include the instance in the Kerberos ticket information.
In s_server, print the received Kerberos information. PR: 693
parent
4097dce455
commit
ec4e600da6
3 changed files with 34 additions and 11 deletions
|
@ -1263,7 +1263,13 @@ static int init_ssl_connection(SSL *con)
|
|||
if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
|
||||
TLS1_FLAGS_TLS_PADDING_BUG)
|
||||
BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
|
||||
|
||||
#ifndef OPENSSL_NO_KRB5
|
||||
if (con->kssl_ctx->client_princ != NULL)
|
||||
{
|
||||
BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
|
||||
con->kssl_ctx->client_princ);
|
||||
}
|
||||
#endif /* OPENSSL_NO_KRB5 */
|
||||
return(1);
|
||||
}
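Review bot: The added Kerberos block reads `con->kssl_ctx->client_princ` without first checking `con->kssl_ctx`, so an SSL object that carries no Kerberos context would crash s_server at this point. Whether that can happen depends on where kssl_ctx is allocated, which this hunk does not show. A guard such as `if (con->kssl_ctx != NULL && con->kssl_ctx->client_princ != NULL)` removes that dependency. The principal string is built from the received ticket and written verbatim to bio_s_out, so a short comment saying it is peer-derived and unsanitised would help anyone who feeds this output into logs.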
|
||||
|
||||
|
|
35
ssl/kssl.c
35
ssl/kssl.c
|
@ -1496,8 +1496,9 @@ kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
|
|||
"bad ticket from krb5_rd_req.\n");
|
||||
}
|
||||
else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT,
|
||||
&krb5ticket->enc_part2->client->realm,
|
||||
krb5ticket->enc_part2->client->data))
|
||||
&krb5ticket->enc_part2->client->realm,
|
||||
krb5ticket->enc_part2->client->data,
|
||||
krb5ticket->enc_part2->client->length))
|
||||
{
|
||||
kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
|
||||
"kssl_ctx_setprinc() fails.\n");
|
||||
|
@ -1564,16 +1565,17 @@ kssl_ctx_free(KSSL_CTX *kssl_ctx)
|
|||
}
|
||||
|
||||
|
||||
/* Given a (krb5_data *) entity (and optional realm),
|
||||
/* Given an array of (krb5_data *) entity (and optional realm),
|
||||
** set the plain (char *) client_princ or service_host member
|
||||
** of the kssl_ctx struct.
|
||||
*/
|
||||
krb5_error_code
|
||||
kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
|
||||
krb5_data *realm, krb5_data *entity)
|
||||
krb5_data *realm, krb5_data *entity, int nentities)
|
||||
{
|
||||
char **princ;
|
||||
int length;
|
||||
int i;
|
||||
|
||||
if (kssl_ctx == NULL || entity == NULL) return KSSL_CTX_ERR;
|
||||
|
||||
|
@ -1585,18 +1587,33 @@ kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
|
|||
}
|
||||
if (*princ) free(*princ);
|
||||
|
||||
length = entity->length + ((realm)? realm->length + 2: 1);
|
||||
/* Add up all the entity->lengths */
|
||||
length = 0;
|
||||
for (i=0; i < nentities; i++)
|
||||
{
|
||||
length += entity[i].length;
|
||||
}
|
||||
/* Add in space for the '/' character(s) (if any) */
|
||||
length += nentities-1;
|
||||
/* Space for the ('@'+realm+NULL | NULL) */
|
||||
length += ((realm)? realm->length + 2: 1);
|
||||
|
||||
if ((*princ = calloc(1, length)) == NULL)
|
||||
return KSSL_CTX_ERR;
|
||||
else
|
||||
{
|
||||
strncpy(*princ, entity->data, entity->length);
|
||||
(*princ)[entity->length]='\0';
|
||||
{
|
||||
for (i = 0; i < nentities; i++)
|
||||
{
|
||||
strncat(*princ, entity[i].data, entity[i].length);
|
||||
if (i < nentities-1)
|
||||
{
|
||||
strcat (*princ, "/");
|
||||
}
|
||||
}
|
||||
if (realm)
|
||||
{
|
||||
strcat (*princ, "@");
|
||||
(void) strncat(*princ, realm->data, realm->length);
|
||||
(*princ)[entity->length+1+realm->length]='\0';
|
||||
}
|
||||
}
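Review bot: In kssl_ctx_setprinc the allocation size is accumulated in a signed `int length` from `entity[i].length` and `nentities`, both taken from the received ticket at the kssl_sget_tkt call site, and nothing rejects `nentities <= 0` or a sum that wraps. With `nentities == 0` and no realm the computed size is 0, which leaves no room for a terminator, and a wrapped or negative sum would make the `calloc(1, length)` size disagree with what the `strncat`/`strcat` calls then write. I would add `if (nentities <= 0) return KSSL_CTX_ERR;` beside the existing NULL check and bound each addition before allocating. The page also still shows `(*princ)[entity->length+1+realm->length]='\0';`; if that line survives on the new side it indexes by the first component's length only and should be dropped, since calloc and strncat already terminate the string. The function body starts and continues outside these hunks.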
|
||||
|
||||
|
|
|
@ -149,7 +149,7 @@ KSSL_CTX *kssl_ctx_new(void);
|
|||
KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
|
||||
void kssl_ctx_show(KSSL_CTX *kssl_ctx);
|
||||
krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
|
||||
krb5_data *realm, krb5_data *entity);
|
||||
krb5_data *realm, krb5_data *entity, int nentities);
|
||||
krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp,
|
||||
krb5_data *authenp, KSSL_ERR *kssl_err);
|
||||
krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata,
|
||||
|
|