1032 /*-     Given krb5 service (typically "kssl") and hostname in kssl_ctx,
1042 krb5_error_code kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
1063     if (!kssl_ctx) {
1064         kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, "No kssl_ctx defined.\n");
1066     } else if (!kssl_ctx->service_host) {
1068                      "kssl_ctx service_host undefined.\n");
1080                                           kssl_ctx->service_host,
1081                                           (kssl_ctx->service_name) ?
1082                                           kssl_ctx->service_name : KRB5SVC,
1087                      kssl_ctx->service_host,
1088                      (kssl_ctx->
1089                       service_name) ? kssl_ctx->service_name : KRB5SVC);
1116     kssl_ctx->enctype = krb5credsp->session.keytype;
1118     kssl_ctx->enctype = krb5credsp->keyblock.enctype;
1163     if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->session)) {
1168     if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->keyblock)) {
1178     kssl_ctx_show(kssl_ctx);
1279  *      Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
1282  *              to SSL Server in KSSL_CTX *kssl_ctx.
1286 krb5_error_code kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
1310     if (!kssl_ctx) {
1311         kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, "No kssl_ctx defined.\n");
1316             kstring(kssl_ctx->service_name));
1346                                           (kssl_ctx->service_name) ?
1347                                           kssl_ctx->service_name : KRB5SVC,
1375      * kssl_ctx->keytab_file == NULL ==> use Kerberos default
1377     if (kssl_ctx->keytab_file) {
1378         krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file,
1492     } else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT,
1498     } else if (kssl_ctx_setkey(kssl_ctx, krb5ticket->enc_part2->session)) {
1508     kssl_ctx->enctype = krb5ticket->enc_part.enctype;
1516     kssl_ctx_show(kssl_ctx);
1531  * Allocate & return a new kssl_ctx struct.
1539  * Frees a kssl_ctx struct and any allocated memory it holds.  Returns NULL.
1541 KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx)
1543     if (kssl_ctx == NULL)
1544         return kssl_ctx;
1546     if (kssl_ctx->key)
1547         OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length);
1548     if (kssl_ctx->key)
1549         kssl_free(kssl_ctx->key);
1550     if (kssl_ctx->client_princ)
1551         kssl_free(kssl_ctx->client_princ);
1552     if (kssl_ctx->service_host)
1553         kssl_free(kssl_ctx->service_host);
1554     if (kssl_ctx->service_name)
1555         kssl_free(kssl_ctx->service_name);
1556     if (kssl_ctx->keytab_file)
1557         kssl_free(kssl_ctx->keytab_file);
1559     kssl_free(kssl_ctx);
1565  * (char *) client_princ or service_host member of the kssl_ctx struct.
1568 kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
1575     if (kssl_ctx == NULL || entity == NULL)
1580         princ = &kssl_ctx->client_princ;
1583         princ = &kssl_ctx->service_host;
1620 /*-     Set one of the plain (char *) string members of the kssl_ctx struct.
1625 krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text)
1629     if (!kssl_ctx)
1634         string = &kssl_ctx->service_name;
1637         string = &kssl_ctx->service_host;
1640         string = &kssl_ctx->client_princ;
1643         string = &kssl_ctx->keytab_file;
1666  * Copy the Kerberos session key from a (krb5_keyblock *) to a kssl_ctx
1667  * struct.  Clear kssl_ctx->key if Kerberos session key is NULL.
1669 krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session)
1675     if (!kssl_ctx)
1678     if (kssl_ctx->key) {
1679         OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length);
1680         kssl_free(kssl_ctx->key);
1694         kssl_ctx->enctype = enctype;
1695         kssl_ctx->length = length;
1697         kssl_ctx->enctype = ENCTYPE_UNKNOWN;
1698         kssl_ctx->length = 0;
1702     if ((kssl_ctx->key =
1703          (krb5_octet FAR *)kssl_calloc(1, kssl_ctx->length)) == NULL) {
1704         kssl_ctx->length = 0;
1707         memcpy(kssl_ctx->key, contents, length);
1713  * Display contents of kssl_ctx struct
1715 void kssl_ctx_show(KSSL_CTX *kssl_ctx)
1719     printf("kssl_ctx: ");
1720     if (kssl_ctx == NULL) {
1724         printf("%p\n", (void *)kssl_ctx);
1727            (kssl_ctx->service_name) ? kssl_ctx->service_name : "NULL");
1729            (kssl_ctx->client_princ) ? kssl_ctx->client_princ : "NULL");
1731            (kssl_ctx->service_host) ? kssl_ctx->service_host : "NULL");
1733            (kssl_ctx->keytab_file) ? kssl_ctx->keytab_file : "NULL");
1734     printf("\tkey [%d:%d]:\t", kssl_ctx->enctype, kssl_ctx->length);
1736     for (i = 0; i < kssl_ctx->length && kssl_ctx->key; i++) {
1737         printf("%02x", kssl_ctx->key[i]);
1743 int kssl_keytab_is_available(KSSL_CTX *kssl_ctx)
1756      * kssl_ctx->keytab_file == NULL ==> use Kerberos default
1758     if (kssl_ctx->keytab_file) {
1759         krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file,
1771                                      kssl_ctx->
1772                                      service_name ? kssl_ctx->service_name :
1802 int kssl_tgt_is_available(KSSL_CTX *kssl_ctx)
1812     if (!kssl_ctx)
1815     if (!kssl_ctx->service_host)
1822                                           kssl_ctx->service_host,
1823                                           (kssl_ctx->service_name) ?
1824                                           kssl_ctx->service_name : KRB5SVC,
1844     kssl_ctx_show(kssl_ctx);
2006                                        */ KSSL_CTX *kssl_ctx,
2074     enctype = dec_authent->etype->data[0]; /* should = kssl_ctx->enctype */
2096     if (!EVP_CipherInit(&ciph_ctx, enc, kssl_ctx->key, iv, 0)) {
2239     s->kssl_ctx = kctx;
2244     return s->kssl_ctx;

Indexes created Tue Jul 09 22:07:09 MDT 2024