All,
The current kssl_ctx_setprinc does not handle instances. I may have
a principal of: "[EMAIL PROTECTED]", "[EMAIL PROTECTED]" or
(technically) "[EMAIL PROTECTED]". The current
implementation will only place "[EMAIL PROTECTED]" in
kssl_ctx->client_princ.
These different parts of the client principal are stored in an array
of krb5_data:
krb5ticket->enc_part2->client->data[0..krb5ticket->enc_part2->client->length-1]
I've changed kssl.c:kssl_ctx_setprinc() to:
1) Take an additional argument (nentities)
2) Allocate, with calloc(3), enough memory for all of the entity[]->data elements
plus the '/' separator characters
3) Build the principal with all of the entity[]->data elements, placing
a '/' between elements
4) No longer write '\0' bytes explicitly at the end of the string being assembled.
Because the buffer comes from calloc(3) and is filled with strncat (using the data's
explicitly-stated length), the terminating '\0' is already in the right place.
Tested with MIT 1.2.x on Solaris and HP-UX 11.00.
Thanks-
Dan
diff -ur openssl-0.9.7-stable-SNAP-20020325/ssl/kssl.c
openssl-0.9.7-working/ssl/kssl.c
--- openssl-0.9.7-stable-SNAP-20020325/ssl/kssl.c Mon Mar 18
21:07:15 2002
+++ openssl-0.9.7-working/ssl/kssl.c Tue Mar 26 16:10:38 2002
@@ -1514,7 +1514,8 @@
}
else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT,
&krb5ticket->enc_part2->client->realm,
- krb5ticket->enc_part2->client->data))
+ krb5ticket->enc_part2->client->data,
+ krb5ticket->enc_part2->client->length))
{
kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
"kssl_ctx_setprinc() fails.\n");
@@ -1581,16 +1582,17 @@
}
-/* Given a (krb5_data *) entity (and optional realm),
+/* Given an array of (krb5_data) entity (and optional realm),
** set the plain (char *) client_princ or service_host member
** of the kssl_ctx struct.
*/
krb5_error_code
kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
- krb5_data *realm, krb5_data *entity)
+ krb5_data *realm, krb5_data *entity, int nentities)
{
char **princ;
int length;
+ int i;
if (kssl_ctx == NULL || entity == NULL) return KSSL_CTX_ERR;
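Review bot: The new `nentities` parameter is never validated alongside the existing NULL checks, and the sizing in the next hunk does `length += nentities-1`, so a count of 0 shrinks the allocation by one byte and, when a realm is present, the trailing `strncat` of the realm writes one byte past the `calloc` buffer. Since `nentities` is a signed `int`, a negative count undersizes the buffer even further. Extend the guard to `if (kssl_ctx == NULL || entity == NULL || nentities < 1) return KSSL_CTX_ERR;`. The body of kssl_ctx_setprinc continues past the end of this hunk.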
@@ -1602,18 +1604,32 @@
}
if (*princ) free(*princ);
- length = entity->length + ((realm)? realm->length + 2: 1);
+ /* Add up all the entity->lengths */
+ length = 0;
+ for (i=0; i < nentities; i++)
+ {
+ length += entity[i].length;
+ }
+ /* Add in space for the '/' separator(s) (if any) */
+ length += nentities-1;
+ /* Space for the ('@'+realm+NULL | NULL) */
+ length += ((realm)? realm->length + 2: 1);
if ((*princ = calloc(1, length)) == NULL)
return KSSL_CTX_ERR;
else
{
- strncpy(*princ, entity->data, entity->length);
- (*princ)[entity->length]='\0';
+ for (i = 0; i < nentities; i++)
+ {
+ strncat(*princ, entity[i].data,
entity[i].length);
+ if (i < nentities-1)
+ {
+ strcat (*princ, "/");
+ }
+ }
if (realm)
{
strcat (*princ, "@");
(void) strncat(*princ, realm->data,
realm->length);
- (*princ)[entity->length+1+realm->length]='\0';
}
}
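Review bot: The copy loop at `strncat(*princ, entity[i].data, entity[i].length)` only honors the stated length as an upper bound: strncat stops at the first '\0' in the source, so a component containing an embedded NUL is silently truncated and everything after it shifts left, even though `length` was summed from the exact component lengths. Copying each component with memcpy at a running offset uses the lengths exactly and leaves the final '\0' at the position the allocation already reserved for it, which also makes the "no explicit terminator needed" reasoning hold for any byte content. The krb5_data length fields are presumably unsigned while `length` is an `int`; summing into a `size_t` would avoid the signed/unsigned mix. The start of kssl_ctx_setprinc lies in the previous hunk.
```c
	if ((*princ = calloc(1, length)) == NULL)
		return KSSL_CTX_ERR;
	else
		{
		size_t off = 0;
		for (i = 0; i < nentities; i++)
			{
			memcpy(*princ + off, entity[i].data, entity[i].length);
			off += entity[i].length;
			if (i < nentities-1)
				(*princ)[off++] = '/';
			}
		if (realm)
			{
			(*princ)[off++] = '@';
			memcpy(*princ + off, realm->data, realm->length);
			off += realm->length;
			}
		(*princ)[off] = '\0';	/* off == length-1 by construction */
		}
```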
diff -ur openssl-0.9.7-stable-SNAP-20020325/ssl/kssl.h
openssl-0.9.7-working/ssl/kssl.h
--- openssl-0.9.7-stable-SNAP-20020325/ssl/kssl.h Wed Oct 10
03:55:01 2001
+++ openssl-0.9.7-working/ssl/kssl.h Tue Mar 26 16:14:25 2002
@@ -149,7 +149,7 @@
KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
void kssl_ctx_show(KSSL_CTX *kssl_ctx);
krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
- krb5_data *realm, krb5_data *entity);
+ krb5_data *realm, krb5_data *entity, int nentities);
krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data
**enc_tktp,
krb5_data *authenp, KSSL_ERR *kssl_err);
krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data
*indata,