• Your recent searches
Socket-Class
13 results

 view release on metacpan or  search on metacpan

xs/sc_ssl/openssl/source/ssl/kssl.c  view on Meta::CPAN 


/*  Given d2i_-decoded asn1ticket, allocate and return a new krb5_ticket.
**  Return Kerberos error code and kssl_err struct on error.
**  Allocates krb5_ticket and krb5_principal; caller should free these.
**
**	20010410	VRS	Implemented krb5_decode_ticket() as
**				old_krb5_decode_ticket(). Missing from MIT1.0.6.
**	20010615	VRS 	Re-cast as openssl/asn1 d2i_*() functions.
**				Re-used some of the old krb5_decode_ticket()
**				code here.  This tkt should alloc/free just
**				like the real thing.
*/
krb5_error_code
kssl_TKT2tkt(	/* IN     */	krb5_context	krb5context,
		/* IN     */	KRB5_TKTBODY	*asn1ticket,
		/* OUT    */	krb5_ticket	**krb5ticket,
		/* OUT    */	KSSL_ERR *kssl_err  )
        {
        krb5_error_code			krb5rc = KRB5KRB_ERR_GENERIC;
	krb5_ticket 			*new5ticket = NULL;
	ASN1_GENERALSTRING		*gstr_svc, *gstr_host;

	*krb5ticket = NULL;

	if (asn1ticket == NULL  ||  asn1ticket->realm == NULL  ||
		asn1ticket->sname == NULL  || 
		sk_ASN1_GENERALSTRING_num(asn1ticket->sname->namestring) < 2)
		{
		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
			"Null field in asn1ticket.\n");
		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
		return KRB5KRB_ERR_GENERIC;
		}

	if ((new5ticket = (krb5_ticket *) calloc(1, sizeof(krb5_ticket)))==NULL)
		{
		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
			"Unable to allocate new krb5_ticket.\n");
		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
		return ENOMEM;		/*  or  KRB5KRB_ERR_GENERIC;	*/
		}

	gstr_svc  = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 0);
	gstr_host = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 1);

	if ((krb5rc = kssl_build_principal_2(krb5context,
			&new5ticket->server,
			asn1ticket->realm->length, (char *)asn1ticket->realm->data,
			gstr_svc->length,  (char *)gstr_svc->data,
			gstr_host->length, (char *)gstr_host->data)) != 0)
		{
		free(new5ticket);
		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
			"Error building ticket server principal.\n");
		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
		return krb5rc;		/*  or  KRB5KRB_ERR_GENERIC;	*/
		}

	krb5_princ_type(krb5context, new5ticket->server) =
			asn1ticket->sname->nametype->data[0];
	new5ticket->enc_part.enctype = asn1ticket->encdata->etype->data[0];
	new5ticket->enc_part.kvno = asn1ticket->encdata->kvno->data[0];
	new5ticket->enc_part.ciphertext.length =
			asn1ticket->encdata->cipher->length;
	if ((new5ticket->enc_part.ciphertext.data =
		calloc(1, asn1ticket->encdata->cipher->length)) == NULL)
		{
		free(new5ticket);
		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
			"Error allocating cipher in krb5ticket.\n");
		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
		return KRB5KRB_ERR_GENERIC;
		}
	else
		{
		memcpy(new5ticket->enc_part.ciphertext.data,
			asn1ticket->encdata->cipher->data,
			asn1ticket->encdata->cipher->length);
		}

	*krb5ticket = new5ticket;
	return 0;
	}


/*	Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
**		and krb5 AP_REQ message & message length,
**	Return Kerberos session key and client principle
**		to SSL Server in KSSL_CTX *kssl_ctx.
**
**	19990702	VRS 	Started.
*/
krb5_error_code
kssl_sget_tkt(	/* UPDATE */	KSSL_CTX		*kssl_ctx,
		/* IN     */	krb5_data		*indata,
		/* OUT    */	krb5_ticket_times	*ttimes,
		/* OUT    */	KSSL_ERR		*kssl_err  )
        {
        krb5_error_code			krb5rc = KRB5KRB_ERR_GENERIC;
        static krb5_context		krb5context = NULL;
	static krb5_auth_context	krb5auth_context = NULL;
	krb5_ticket 			*krb5ticket = NULL;
	KRB5_TKTBODY 			*asn1ticket = NULL;
	const unsigned char		*p;
	krb5_keytab 			krb5keytab = NULL;
	krb5_keytab_entry		kt_entry;
	krb5_principal			krb5server;
        krb5_rcache                     rcache = NULL;

	kssl_err_set(kssl_err, 0, "");

	if (!kssl_ctx)
                {
		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
			"No kssl_ctx defined.\n");
		goto err;
		}

#ifdef KSSL_DEBUG
	printf("in kssl_sget_tkt(%s)\n", kstring(kssl_ctx->service_name));
#endif	/* KSSL_DEBUG */

	if (!krb5context  &&  (krb5rc = krb5_init_context(&krb5context)))
                {
		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
                        "krb5_init_context() fails.\n");
		goto err;
		}
	if (krb5auth_context  &&
		(krb5rc = krb5_auth_con_free(krb5context, krb5auth_context)))
                {
		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
                        "krb5_auth_con_free() fails.\n");
		goto err;
		}
	else  krb5auth_context = NULL;
	if (!krb5auth_context  &&
		(krb5rc = krb5_auth_con_init(krb5context, &krb5auth_context)))



( run in 2.546 seconds using v1.01-cache-2.11-cpan-63c85eba8c4 )