mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-24 18:43:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

Changes to the Kerberos SSL code by Jeffrey Altman <jaltman@columbia.edu>

Browse Source 
His comments are:

 . Fixed all of the Windows dynamic loading functions, prototypes, etc.

 . Corrected all of the unsigned/signed comparison warnings

 . Replaced the references to krb5_cksumarray[] for two reasons.
   First, it was an internal variable that should not have been
   referenced outside the library; nor could it have been with
   a shared library with restricted exports.  Second, the
   variable is no longer used in current Kerberos implementations.
   I replaced the code with equivalent functionality using functions
   that are exported from the library.
This commit is contained in:
Richard Levitte 2001-07-11 15:31:45 +00:00
parent 679df234b7
commit 8de83bf876
1 changed files with 123 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

177
ssl/kssl.c
View File

@ -120,9 +120,12 @@
#define krb5_decrypt_tkt_part kssl_krb5_decrypt_tkt_part
#define krb5_timeofday kssl_krb5_timeofday
#define krb5_rc_default kssl_krb5_rc_default
#define krb5_krb5_rc_initialize kssl_krb5_rc_initialize
#define krb5_krb5_rc_get_lifespan kssl_krb5_rc_get_lifespan
#define krb5_krb5_rc_destroy kssl_krb5_rc_destroy
#define krb5_rc_initialize kssl_krb5_rc_initialize
#define krb5_rc_get_lifespan kssl_krb5_rc_get_lifespan
#define krb5_rc_destroy kssl_krb5_rc_destroy
#define valid_cksumtype kssl_valid_cksumtype
#define krb5_checksum_size kssl_krb5_checksum_size
#define krb5_kt_free_entry kssl_krb5_kt_free_entry
/* Prototypes for built in stubs */
void kssl_krb5_free_data_contents(krb5_context, krb5_data *);
@ -140,16 +143,6 @@ krb5_error_code kssl_krb5_rd_req(krb5_context, krb5_auth_context *,
krb5_boolean kssl_krb5_principal_compare(krb5_context, krb5_const_principal,
krb5_const_principal);
krb5_error_code krb5_decrypt_tkt_part(krb5_context, krb5_const krb5_keyblock *,
krb5_ticket *);
krb5_error_code krb5_timeofday(krb5_context context, krb5_int32 *timeret);
krb5_error_code krb5_rc_default(krb5_context context, krb5_rcache *rc);
krb5_error_code krb5_rc_initialize(krb5_context context, krb5_rcache rc,
krb5_deltat lifespan);
krb5_error_code krb5_rc_get_lifespan(krb5_context context, krb5_rcache rc,
krb5_deltat *lifespan);
krb5_error_code krb5_rc_destroy(krb5_context context, krb5_rcache rc);
krb5_error_code kssl_krb5_mk_req_extended(krb5_context,
krb5_auth_context *,
krb5_const krb5_flags,
@ -175,6 +168,9 @@ krb5_error_code kssl_krb5_cc_get_principal(krb5_context context,
krb5_ccache cache,
krb5_principal *principal);
krb5_error_code kssl_krb5_auth_con_free(krb5_context,krb5_auth_context);
size_t kssl_krb5_checksum_size(krb5_context context,krb5_cksumtype ctype);
krb5_boolean kssl_valid_cksumtype(krb5_cksumtype ctype);
krb5_error_code krb5_kt_free_entry(krb5_context,krb5_keytab_entry FAR * );
/* Function pointers (almost all Kerberos functions are _stdcall) */
static void (_stdcall *p_krb5_free_data_contents)(krb5_context, krb5_data *)
@ -214,6 +210,27 @@ static krb5_error_code (_stdcall *p_krb5_cc_get_principal)
krb5_principal *principal)=NULL;
static krb5_error_code (_stdcall *p_krb5_auth_con_free)
(krb5_context, krb5_auth_context)=NULL;
static krb5_error_code (_stdcall *p_krb5_decrypt_tkt_part)
(krb5_context, krb5_const krb5_keyblock *,
krb5_ticket *)=NULL;
static krb5_error_code (_stdcall *p_krb5_timeofday)
(krb5_context context, krb5_int32 *timeret)=NULL;
static krb5_error_code (_stdcall *p_krb5_rc_default)
(krb5_context context, krb5_rcache *rc)=NULL;
static krb5_error_code (_stdcall *p_krb5_rc_initialize)
(krb5_context context, krb5_rcache rc,
krb5_deltat lifespan)=NULL;
static krb5_error_code (_stdcall *p_krb5_rc_get_lifespan)
(krb5_context context, krb5_rcache rc,
krb5_deltat *lifespan)=NULL;
static krb5_error_code (_stdcall *p_krb5_rc_destroy)
(krb5_context context, krb5_rcache rc)=NULL;
static krb5_boolean (_stdcall *p_krb5_principal_compare)
(krb5_context, krb5_const_principal, krb5_const_principal)=NULL;
static size_t (_stdcall *p_krb5_checksum_size)(krb5_context context,krb5_cksumtype ctype)=NULL;
static krb5_boolean (_stdcall *p_valid_cksumtype)(krb5_cksumtype ctype)=NULL;
static krb5_error_code (_stdcall *p_krb5_kt_free_entry)
(krb5_context,krb5_keytab_entry * )=NULL;
static int krb5_loaded = 0; /* only attempt to initialize func ptrs once */
/* Function to Load the Kerberos 5 DLL and initialize function pointers */
@ -271,6 +288,12 @@ load_krb5_dll(void)
GetProcAddress( hKRB5_32, "krb5_kt_resolve" );
(FARPROC) p_krb5_auth_con_init =
GetProcAddress( hKRB5_32, "krb5_auth_con_init" );
(FARPROC) p_valid_cksumtype =
GetProcAddress( hKRB5_32, "valid_cksumtype" );
(FARPROC) p_krb5_checksum_size =
GetProcAddress( hKRB5_32, "krb5_checksum_size" );
(FARPROC) p_krb5_kt_free_entry =
GetProcAddress( hKRB5_32, "krb5_kt_free_entry" );
}
/* Stubs for each function to be dynamicly loaded */
@ -463,7 +486,7 @@ krb5_principal_compare(krb5_context con, krb5_const_principal princ1,
load_krb5_dll();
if ( p_krb5_principal_compare )
return(p_krb5_principal_compare(con,princ1,princ2);
return(p_krb5_principal_compare(con,princ1,princ2));
else
return KRB5KRB_ERR_GENERIC;
}
@ -476,7 +499,7 @@ krb5_decrypt_tkt_part(krb5_context con, krb5_const krb5_keyblock *keys,
load_krb5_dll();
if ( p_krb5_decrypt_tkt_part )
return(p_krb5_decrypt_tkt_part(con,keys,ticket);
return(p_krb5_decrypt_tkt_part(con,keys,ticket));
else
return KRB5KRB_ERR_GENERIC;
}
@ -488,7 +511,7 @@ krb5_timeofday(krb5_context con, krb5_int32 *timeret)
load_krb5_dll();
if ( p_krb5_timeofday )
return(p_krb5_timeofday(con,timeret);
return(p_krb5_timeofday(con,timeret));
else
return KRB5KRB_ERR_GENERIC;
}
@ -500,7 +523,7 @@ krb5_rc_default(krb5_context con, krb5_rcache *rc)
load_krb5_dll();
if ( p_krb5_rc_default )
return(p_krb5_rc_default(con,rc);
return(p_krb5_rc_default(con,rc));
else
return KRB5KRB_ERR_GENERIC;
}
@ -512,7 +535,7 @@ krb5_rc_initialize(krb5_context con, krb5_rcache rc, krb5_deltat lifespan)
load_krb5_dll();
if ( p_krb5_rc_initialize )
return(p_krb5_rc_initialize(con, rc, lifespan);
return(p_krb5_rc_initialize(con, rc, lifespan));
else
return KRB5KRB_ERR_GENERIC;
}
@ -524,7 +547,7 @@ krb5_rc_get_lifespan(krb5_context con, krb5_rcache rc, krb5_deltat *lifespanp)
load_krb5_dll();
if ( p_krb5_rc_get_lifespan )
return(p_krb5_rc_get_lifespan(con, rc, lifespanp);
return(p_krb5_rc_get_lifespan(con, rc, lifespanp));
else
return KRB5KRB_ERR_GENERIC;
}
@ -536,11 +559,47 @@ krb5_rc_destroy(krb5_context con, krb5_rcache rc)
load_krb5_dll();
if ( p_krb5_rc_destroy )
return(p_krb5_rc_destroy(con, rc);
return(p_krb5_rc_destroy(con, rc));
else
return KRB5KRB_ERR_GENERIC;
}
size_t
krb5_checksum_size(krb5_context context,krb5_cksumtype ctype)
{
if (!krb5_loaded)
load_krb5_dll();
if ( p_krb5_checksum_size )
return(p_krb5_checksum_size(context, ctype));
else
return KRB5KRB_ERR_GENERIC;
}
krb5_boolean
valid_cksumtype(krb5_cksumtype ctype)
{
if (!krb5_loaded)
load_krb5_dll();
if ( p_valid_cksumtype )
return(p_valid_cksumtype(ctype));
else
return KRB5KRB_ERR_GENERIC;
}
krb5_error_code
krb5_kt_free_entry(krb5_context con,krb5_keytab_entry * entry)
{
if (!krb5_loaded)
load_krb5_dll();
if ( p_krb5_kt_free_entry )
return(p_krb5_kt_free_entry(con,entry));
else
return KRB5KRB_ERR_GENERIC;
}
/* Structure definitions */
#ifndef NO_DEF_KRB5_CCACHE
#ifndef krb5_x
@ -562,36 +621,36 @@ typedef struct _krb5_cc_ops
krb5_magic magic;
char *prefix;
char * (KRB5_CALLCONV *get_name)
KRB5_NPROTOTYPE((krb5_context, krb5_ccache));
(krb5_context, krb5_ccache);
krb5_error_code (KRB5_CALLCONV *resolve)
KRB5_NPROTOTYPE((krb5_context, krb5_ccache *, const char *));
(krb5_context, krb5_ccache *, const char *);
krb5_error_code (KRB5_CALLCONV *gen_new)
KRB5_NPROTOTYPE((krb5_context, krb5_ccache *));
(krb5_context, krb5_ccache *);
krb5_error_code (KRB5_CALLCONV *init)
KRB5_NPROTOTYPE((krb5_context, krb5_ccache, krb5_principal));
(krb5_context, krb5_ccache, krb5_principal);
krb5_error_code (KRB5_CALLCONV *destroy)
KRB5_NPROTOTYPE((krb5_context, krb5_ccache));
(krb5_context, krb5_ccache);
krb5_error_code (KRB5_CALLCONV *close)
KRB5_NPROTOTYPE((krb5_context, krb5_ccache));
(krb5_context, krb5_ccache);
krb5_error_code (KRB5_CALLCONV *store)
KRB5_NPROTOTYPE((krb5_context, krb5_ccache, krb5_creds *));
(krb5_context, krb5_ccache, krb5_creds *);
krb5_error_code (KRB5_CALLCONV *retrieve)
KRB5_NPROTOTYPE((krb5_context, krb5_ccache,
krb5_flags, krb5_creds *, krb5_creds *));
(krb5_context, krb5_ccache,
krb5_flags, krb5_creds *, krb5_creds *);
krb5_error_code (KRB5_CALLCONV *get_princ)
KRB5_NPROTOTYPE((krb5_context, krb5_ccache, krb5_principal *));
(krb5_context, krb5_ccache, krb5_principal *);
krb5_error_code (KRB5_CALLCONV *get_first)
KRB5_NPROTOTYPE((krb5_context, krb5_ccache, krb5_cc_cursor *));
(krb5_context, krb5_ccache, krb5_cc_cursor *);
krb5_error_code (KRB5_CALLCONV *get_next)
KRB5_NPROTOTYPE((krb5_context, krb5_ccache,
krb5_cc_cursor *, krb5_creds *));
(krb5_context, krb5_ccache,
krb5_cc_cursor *, krb5_creds *);
krb5_error_code (KRB5_CALLCONV *end_get)
KRB5_NPROTOTYPE((krb5_context, krb5_ccache, krb5_cc_cursor *));
(krb5_context, krb5_ccache, krb5_cc_cursor *);
krb5_error_code (KRB5_CALLCONV *remove_cred)
KRB5_NPROTOTYPE((krb5_context, krb5_ccache,
krb5_flags, krb5_creds *));
(krb5_context, krb5_ccache,
krb5_flags, krb5_creds *);
krb5_error_code (KRB5_CALLCONV *set_flags)
KRB5_NPROTOTYPE((krb5_context, krb5_ccache, krb5_flags));
(krb5_context, krb5_ccache, krb5_flags);
} krb5_cc_ops;
#endif /* NO_DEF_KRB5_CCACHE */
@ -697,23 +756,29 @@ int kssl_test_confound(unsigned char *p)
/* Allocate, fill, and return cksumlens array of checksum lengths.
** This array holds just the unique elements from the krb5_cksumarray[].
** array[n] == 0 signals end of data.
**
** The krb5_cksumarray[] was an internal variable that has since been
** replaced by a more general method for storing the data. It should
** not be used. Instead we use real API calls and make a guess for
** what the highest assigned CKSUMTYPE_ constant is. As of 1.2.2
** it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3). So we will use 0x0010.
*/
int *populate_cksumlens(void)
{
int i, j, n = krb5_max_cksum+1;
static int *cklens = NULL;
int i, j, n = 0x0010+1;
static size_t *cklens = NULL;
#ifdef KRB5CHECKAUTH
if (!cklens && !(cklens = (int *) calloc(sizeof(int), n))) return NULL;
if (!cklens && !(cklens = (size_t *) calloc(sizeof(int), n))) return NULL;
for (i=0; i < krb5_max_cksum; i++) {
if (!krb5_cksumarray[i]) continue; /* array has holes */
for (j=0; j < krb5_max_cksum; j++) {
for (i=0; i < n; i++) {
if (!valid_cksumtype(i)) continue; /* array has holes */
for (j=0; j < n; j++) {
if (cklens[j] == 0) {
cklens[j] = krb5_cksumarray[i]->checksum_length;
cklens[j] = krb5_checksum_size(NULL,i);
break; /* krb5 elem was new: add */
}
if (cklens[j] == krb5_cksumarray[i]->checksum_length) {
if (cklens[j] == krb5_checksum_size(NULL,i)) {
break; /* ignore duplicate elements */
}
}
@ -768,7 +833,7 @@ kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text)
void
print_krb5_data(char *label, krb5_data *kdata)
{
int i;
unsigned int i;
printf("%s[%d] ", label, kdata->length);
for (i=0; i < kdata->length; i++)
@ -813,7 +878,7 @@ print_krb5_authdata(char *label, krb5_authdata **adata)
void
print_krb5_keyblock(char *label, krb5_keyblock *keyblk)
{
int i;
unsigned int i;
if (keyblk == NULL)
{
@ -845,17 +910,18 @@ print_krb5_keyblock(char *label, krb5_keyblock *keyblk)
void
print_krb5_princ(char *label, krb5_principal_data *princ)
{
int i, j;
unsigned int ui, uj;
int i;
printf("%s principal Realm: ", label);
if (princ == NULL) return;
for (i=0; i < princ->realm.length; i++) putchar(princ->realm.data[i]);
for (ui=0; ui < princ->realm.length; ui++) putchar(princ->realm.data[ui]);
printf(" (nametype %d) has %d strings:\n", princ->type,princ->length);
for (i=0; i < princ->length; i++)
{
printf("\t%d [%d]: ", i, princ->data[i].length);
for (j=0; j < princ->data[i].length; j++) {
putchar(princ->data[i].data[j]);
for (uj=0; uj < princ->data[i].length; uj++) {
putchar(princ->data[i].data[uj]);
}
printf("\n");
}
@ -996,7 +1062,8 @@ kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
}
if (ap_req) KRB5_APREQ_free((KRB5_APREQ *) ap_req);
if (krb5_app_req.length) krb5_xfree(krb5_app_req.data);
if (krb5_app_req.length)
krb5_free_data_contents(krb5context,&krb5_app_req);
}
#ifdef KRB5_HEIMDAL
if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->session))
@ -1531,6 +1598,7 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx)
return;
}
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_WIN32)
void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)
{
#ifdef KRB5_HEIMDAL
@ -1545,7 +1613,7 @@ void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)
krb5_free_data_contents(NULL, data);
#endif
}
#endif /* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */
/* Helper function for kssl_validate_times().
** We need context->clockskew, but krb5_context is an opaque struct.
@ -1631,6 +1699,7 @@ krb5_error_code kssl_check_authent(
int padl, outl, unencbufsize;
struct tm tm_time, *tm_l, *tm_g;
time_t now, tl, tg, tz_offset;
char * strptime();
*atimep = 0;
kssl_err_set(kssl_err, 0, "");
@ -1728,7 +1797,7 @@ krb5_error_code kssl_check_authent(
}
else strncpy(tbuf, auth->ctime->data, auth->ctime->length);
if (strptime(tbuf, "%Y%m%d%H%M%S", &tm_time) != NULL)
if ((char *)strptime(tbuf, "%Y%m%d%H%M%S", &tm_time) != NULL)
{
now = time(&now);
tm_l = localtime(&now); tl = mktime(tm_l);