Ejemplo n.º 1
0
/* private */
void
LiteralValue_Priv::decode_krb5_principal_name(unsigned char* data, int len)
{
	KRB5_PRINC_NAME *pname = NULL;
	const unsigned char *p;
	p = data;

	pname = d2i_KRB5_PRINC_NAME(NULL, &p, len);

	if(pname == NULL ||
	   pname->realm == NULL ||
	   pname->kerberosname == NULL ||
	   pname->kerberosname->namelist == NULL)
	{
		//ERR_print_errors_fp(stderr);
		LOGIT_ERROR("Unable to decode KRB5PrincipalName");

		setLiteral("othername", std::string("unsupported(1.3.6.1.5.2.2)"));
		return;
	}

	std::string principal = "";

	for(int i = 0; i < sk_ASN1_GENERALSTRING_num(pname->kerberosname->namelist); i++)
	{
		//LOGIT_DEBUG( "NAMELIST" << i << ":" << asn1string2string(sk_ASN1_GENERALSTRING_value(pname->kerberosname->namelist, i)));
		if(principal == "")
		{
			principal += asn1string2string(sk_ASN1_GENERALSTRING_value(pname->kerberosname->namelist, i));
		}
		else
		{
			principal += "/" + asn1string2string(sk_ASN1_GENERALSTRING_value(pname->kerberosname->namelist, i));
		}
	}

	principal += "@" + asn1string2string(pname->realm);

	setLiteral("1.3.6.1.5.2.2", principal);
	p = NULL;
}
Ejemplo n.º 2
0
/*  Given d2i_-decoded asn1ticket, allocate and return a new krb5_ticket.
**  Return Kerberos error code and kssl_err struct on error.
**  Allocates krb5_ticket and krb5_principal; caller should free these.
**
**	20010410	VRS	Implemented krb5_decode_ticket() as
**				old_krb5_decode_ticket(). Missing from MIT1.0.6.
**	20010615	VRS 	Re-cast as openssl/asn1 d2i_*() functions.
**				Re-used some of the old krb5_decode_ticket()
**				code here.  This tkt should alloc/free just
**				like the real thing.
*/
static krb5_error_code
kssl_TKT2tkt(
	/* IN     */	krb5_context	krb5context,
	/* IN     */	KRB5_TKTBODY	*asn1ticket,
	/* OUT    */	krb5_ticket	**krb5ticket,
	/* OUT    */	KSSL_ERR *kssl_err  )
{
        krb5_error_code			krb5rc = KRB5KRB_ERR_GENERIC;
	krb5_ticket 			*new5ticket = NULL;
	ASN1_GENERALSTRING		*gstr_svc, *gstr_host;

	*krb5ticket = NULL;

	if (asn1ticket == NULL || asn1ticket->realm == NULL ||
	    asn1ticket->sname == NULL ||
	    sk_ASN1_GENERALSTRING_num(asn1ticket->sname->namestring) < 2) {
		(void) snprintf(kssl_err->text, KSSL_ERR_MAX,
		    "Null field in asn1ticket.\n");
		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
		return KRB5KRB_ERR_GENERIC;
	}

	if ((new5ticket =
	    (krb5_ticket *)calloc(1, sizeof(krb5_ticket))) == NULL) {
		(void) snprintf(kssl_err->text, KSSL_ERR_MAX,
		    "Unable to allocate new krb5_ticket.\n");
		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
		return ENOMEM; /*  or  KRB5KRB_ERR_GENERIC; */
	}

	gstr_svc = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 0);
	gstr_host = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 1);

	if ((krb5rc = kssl_build_principal_2(krb5context, &new5ticket->server,
	    asn1ticket->realm->length, (char *)asn1ticket->realm->data,
	    gstr_svc->length, (char *)gstr_svc->data, gstr_host->length,
	    (char *)gstr_host->data)) != 0) {
		free(new5ticket);
		(void) snprintf(kssl_err->text, KSSL_ERR_MAX,
		    "Error building ticket server principal.\n");
		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
		return krb5rc; /*  or  KRB5KRB_ERR_GENERIC; */
	}

	krb5_princ_type(krb5context, new5ticket->server) =
	    asn1ticket->sname->nametype->data[0];
	new5ticket->enc_part.enctype = asn1ticket->encdata->etype->data[0];
	new5ticket->enc_part.kvno = asn1ticket->encdata->kvno->data[0];
	new5ticket->enc_part.ciphertext.length =
	    asn1ticket->encdata->cipher->length;
	if ((new5ticket->enc_part.ciphertext.data =
	    calloc(1, asn1ticket->encdata->cipher->length)) == NULL) {
		free(new5ticket);
		(void) snprintf(kssl_err->text, KSSL_ERR_MAX,
		    "Error allocating cipher in krb5ticket.\n");
		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
		return KRB5KRB_ERR_GENERIC;
	} else {
		memcpy(new5ticket->enc_part.ciphertext.data,
		asn1ticket->encdata->cipher->data,
		asn1ticket->encdata->cipher->length);
	}

	*krb5ticket = new5ticket;
	return 0;
}