[resend, this time cc'd to [EMAIL PROTECTED]]

All,

The current kssl_ctx_setprinc does not handle instances. I may have a principal of: "[EMAIL PROTECTED]", "[EMAIL PROTECTED]" or (technically) "[EMAIL PROTECTED]". The current implementation will only place "[EMAIL PROTECTED]" in kssl_ctx->client_princ.

These different parts of the client principal are stored in an array of krb5_data:

krb5ticket->enc_part2->client->data[0..krb5ticket->enc_part2->client->length-1]

I've changed kssl.c:kssl_ctx_setprinc() to:

1) Take an additional argument (nentities)
2) calloc(3) enough memory for all of the entity[]->data elements, plus the '/' separator characters
3) Build the principal with all of the entity[]->data elements, placing a '/' between elements
4) No longer put '\0' bytes at the end of the string we're assembling. Since we used calloc(3) and strncat (the data has an explicitly-stated length), the buffer already has the terminating '\0' in the right place.

Tested with MIT 1.2.x on Solaris and HP-UX 11.00.

Thanks-
Dan

diff -ur openssl-0.9.7-stable-SNAP-20020325/ssl/kssl.c openssl-0.9.7-working/ssl/kssl.c --- openssl-0.9.7-stable-SNAP-20020325/ssl/kssl.c Mon Mar 18 21:07:15 2002 +++ openssl-0.9.7-working/ssl/kssl.c Tue Mar 26 16:10:38 2002 @@ -1514,7 +1514,8 @@ } else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT, &krb5ticket->enc_part2->client->realm, - krb5ticket->enc_part2->client->data)) + krb5ticket->enc_part2->client->data, + krb5ticket->enc_part2->client->length)) { kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET, "kssl_ctx_setprinc() fails.\n"); @@ -1581,16 +1582,17 @@ } -/* Given a (krb5_data *) entity (and optional realm), +/* Given an array of (krb5_data) entity (and optional realm), ** set the plain (char *) client_princ or service_host member ** of the kssl_ctx struct. */ krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, - krb5_data *realm, krb5_data *entity) + krb5_data *realm, krb5_data *entity, int nentities) { char **princ; int length; + int i; if (kssl_ctx == NULL || entity == NULL) return KSSL_CTX_ERR; 
@@ -1602,18 +1604,32 @@ } if (*princ) free(*princ); - length = entity->length + ((realm)? realm->length + 2: 1); + /* Add up all the entity->lengths */ + length = 0; + for (i=0; i < nentities; i++) + { + length += entity[i].length; + } + /* Add in space for the '/' separator(s) (if any) */ + length += nentities-1; + /* Space for the ('@'+realm+NULL | NULL) */ + length += ((realm)? realm->length + 2: 1); if ((*princ = calloc(1, length)) == NULL) return KSSL_CTX_ERR; else { - strncpy(*princ, entity->data, entity->length); - (*princ)[entity->length]='\0'; + for (i = 0; i < nentities; i++) + { + strncat(*princ, entity[i].data, entity[i].length); + if (i < nentities-1) + { + strcat (*princ, "/"); + } + } if (realm) { strcat (*princ, "@"); (void) strncat(*princ, realm->data, realm->length); - (*princ)[entity->length+1+realm->length]='\0'; } } diff -ur openssl-0.9.7-stable-SNAP-20020325/ssl/kssl.h openssl-0.9.7-working/ssl/kssl.h --- openssl-0.9.7-stable-SNAP-20020325/ssl/kssl.h Wed Oct 10 03:55:01 2001 +++ openssl-0.9.7-working/ssl/kssl.h Tue Mar 26 16:14:25 2002 @@ -149,7 +149,7 @@ KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx); void kssl_ctx_show(KSSL_CTX *kssl_ctx); krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, - krb5_data *realm, krb5_data *entity); + krb5_data *realm, krb5_data *entity, int nentities); krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp, krb5_data *authenp, KSSL_ERR *kssl_err); krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata, ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
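
Review bot: In the @@ -1581 hunk of ssl/kssl.c, the unchanged guard "if (kssl_ctx == NULL || entity == NULL)" does not check the new nentities argument. With nentities == 0 and a non-NULL realm, the later arithmetic gives length = -1 + realm->length + 2 = realm->length + 1, while the code then writes "@", realm->length bytes of realm and a terminating '\0', which is one byte more than was allocated. Suggest returning KSSL_CTX_ERR when nentities < 1 in that guard, and extending the function comment to state that nentities is the number of elements in the entity array.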
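
Review bot: The summation loop in the @@ -1602 hunk of ssl/kssl.c adds every entity[i].length into a plain int length with no overflow or upper-bound check, and these lengths come from the ticket passed in at the @@ -1514 call site. If the sum wraps, calloc(1, length) can return a buffer smaller than what the strncat loop then writes into it. Suggest accumulating in size_t, rejecting a component or total above a sane limit before allocating, and returning KSSL_CTX_ERR in that case. A second point in the same hunk: components are joined with a bare "/" and the realm with "@" without any escaping, so a single component that itself contains '/' or '@' yields the same client_princ string as a different multi-component principal. If callers make authorization decisions on client_princ, either escape those characters here or build the string with the Kerberos library's krb5_unparse_name(), which quotes them.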
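
Review bot: The ssl/kssl.h hunk changes the signature of a function declared in a header, but the patch updates only the single caller shown in the @@ -1514 hunk. Please confirm there are no other callers of kssl_ctx_setprinc() in the tree that still pass four arguments. The prototype would also benefit from a short comment saying that entity now points to an array and nentities is its element count, since the parameter name entity is still singular.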