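/* private */
/**
 * Decode a DER-encoded KRB5PrincipalName (otherName OID 1.3.6.1.5.2.2) and
 * store it as the literal "name-part[/name-part...]@REALM" under the OID key.
 *
 * On any decode failure (bad DER, or a required field missing from the
 * decoded structure) the error is logged and the literal falls back to
 * "unsupported(1.3.6.1.5.2.2)" under the generic "othername" key.
 *
 * @param data  DER bytes of the KRB5PrincipalName; this buffer is not modified.
 * @param len   number of bytes in @p data.
 *
 * The decoded structure is always released before returning (it was leaked on
 * every path previously).
 */
void LiteralValue_Priv::decode_krb5_principal_name(unsigned char* data, int len)
{
    // d2i_* advances the cursor it is handed, so decode through a copy of `data`.
    const unsigned char *p = data;
    KRB5_PRINC_NAME *pname = NULL;

    // A missing buffer or non-positive length cannot decode; skip the decoder
    // (which would reject it anyway) and take the fallback path below.
    if(data != NULL && len > 0)
    {
        pname = d2i_KRB5_PRINC_NAME(NULL, &p, len);
    }

    if(pname == NULL || pname->realm == NULL ||
       pname->kerberosname == NULL || pname->kerberosname->namelist == NULL)
    {
        LOGIT_ERROR("Unable to decode KRB5PrincipalName");
        // NOTE(review): the fallback is stored under the generic "othername"
        // key while the success path uses the OID key — confirm that is intended.
        setLiteral("othername", std::string("unsupported(1.3.6.1.5.2.2)"));
        if(pname != NULL)
        {
            // Partially populated structure (decoded, but a field is absent).
            // NOTE(review): assumes KRB5_PRINC_NAME was declared with
            // IMPLEMENT_ASN1_FUNCTIONS, which defines KRB5_PRINC_NAME_free
            // alongside d2i_KRB5_PRINC_NAME — confirm.
            KRB5_PRINC_NAME_free(pname);
        }
        return;
    }

    // Join the name components with "/" (a leading empty component gets no
    // separator, matching the previous behaviour), then append "@REALM".
    const int count = sk_ASN1_GENERALSTRING_num(pname->kerberosname->namelist);
    std::string principal;
    for(int i = 0; i < count; i++)
    {
        if(!principal.empty())
        {
            principal += "/";
        }
        principal += asn1string2string(
            sk_ASN1_GENERALSTRING_value(pname->kerberosname->namelist, i));
    }
    principal += "@" + asn1string2string(pname->realm);

    setLiteral("1.3.6.1.5.2.2", principal);

    // NOTE(review): see the assumption on KRB5_PRINC_NAME_free above.
    KRB5_PRINC_NAME_free(pname);
}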
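/*
 * Given a d2i_-decoded asn1ticket, allocate and return a new krb5_ticket.
 * Returns a Kerberos error code and fills in kssl_err on error.
 * Allocates krb5_ticket and krb5_principal; caller should free these.
 *
 * 20010410 VRS Implemented krb5_decode_ticket() as old_krb5_decode_ticket().
 *              Missing from MIT1.0.6.
 * 20010615 VRS Re-cast as openssl/asn1 d2i_*() functions.  Re-used some of
 *              the old krb5_decode_ticket() code here.  This tkt should
 *              alloc/free just like the real thing.
 *
 * asn1ticket is peer-supplied, so every nested field read below is checked
 * for NULL before it is dereferenced, and the integer fields are read with
 * ASN1_INTEGER_get() instead of data[0] (which mis-reads a zero-padded,
 * multi-byte or negative INTEGER).  The ciphertext buffer is copied before
 * the server principal is built, so each failure path only has to free()
 * memory this function allocated itself.
 *
 * Returns 0 on success; KRB5KRB_ERR_GENERIC for a malformed ticket or a
 * failed ciphertext allocation, ENOMEM when the krb5_ticket itself cannot be
 * allocated, or the code returned by kssl_build_principal_2().  On error
 * kssl_err->text and kssl_err->reason are set and *krb5ticket is NULL.
 */
static krb5_error_code kssl_TKT2tkt(
    /* IN */ krb5_context krb5context,
    /* IN */ KRB5_TKTBODY *asn1ticket,
    /* OUT */ krb5_ticket **krb5ticket,
    /* OUT */ KSSL_ERR *kssl_err)
{
    krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
    krb5_ticket *new5ticket = NULL;
    ASN1_GENERALSTRING *gstr_svc, *gstr_host;
    KRB5_ENCDATA *encdata;
    long nametype, etype, kvno;
    int cipher_len;

    *krb5ticket = NULL;

    /*
     * Validate every field this function reads, before allocating anything.
     * sk_*_num() returns a negative count for a NULL stack, so a missing
     * namestring is caught by the "< 2" test.
     */
    if (asn1ticket == NULL || asn1ticket->realm == NULL ||
        asn1ticket->sname == NULL || asn1ticket->sname->nametype == NULL ||
        sk_ASN1_GENERALSTRING_num(asn1ticket->sname->namestring) < 2 ||
        asn1ticket->encdata == NULL || asn1ticket->encdata->etype == NULL ||
        asn1ticket->encdata->kvno == NULL ||
        asn1ticket->encdata->cipher == NULL ||
        asn1ticket->encdata->cipher->data == NULL ||
        asn1ticket->encdata->cipher->length <= 0) {
        (void) snprintf(kssl_err->text, KSSL_ERR_MAX,
                        "Null field in asn1ticket.\n");
        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
        return KRB5KRB_ERR_GENERIC;
    }

    gstr_svc = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 0);
    gstr_host = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 1);
    if (gstr_svc == NULL || gstr_host == NULL) {
        (void) snprintf(kssl_err->text, KSSL_ERR_MAX,
                        "Null field in asn1ticket.\n");
        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
        return KRB5KRB_ERR_GENERIC;
    }

    /*
     * Negative values are not rejected here: some deployed name types and
     * enctypes are negative.  ASN1_INTEGER_get() also yields -1 for a value
     * that does not fit in a long; such a ticket simply fails later.
     */
    encdata = asn1ticket->encdata;
    nametype = ASN1_INTEGER_get(asn1ticket->sname->nametype);
    etype = ASN1_INTEGER_get(encdata->etype);
    kvno = ASN1_INTEGER_get(encdata->kvno);
    cipher_len = encdata->cipher->length;

    if ((new5ticket = (krb5_ticket *)calloc(1, sizeof(krb5_ticket))) == NULL) {
        (void) snprintf(kssl_err->text, KSSL_ERR_MAX,
                        "Unable to allocate new krb5_ticket.\n");
        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
        return ENOMEM;          /* or KRB5KRB_ERR_GENERIC; */
    }

    /* Copy the ciphertext first: if this fails only new5ticket needs freeing. */
    new5ticket->enc_part.ciphertext.length = cipher_len;
    if ((new5ticket->enc_part.ciphertext.data = calloc(1, cipher_len)) == NULL) {
        free(new5ticket);
        (void) snprintf(kssl_err->text, KSSL_ERR_MAX,
                        "Error allocating cipher in krb5ticket.\n");
        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
        return KRB5KRB_ERR_GENERIC;
    }
    memcpy(new5ticket->enc_part.ciphertext.data, encdata->cipher->data,
           cipher_len);

    if ((krb5rc = kssl_build_principal_2(krb5context, &new5ticket->server,
                                         asn1ticket->realm->length,
                                         (char *)asn1ticket->realm->data,
                                         gstr_svc->length,
                                         (char *)gstr_svc->data,
                                         gstr_host->length,
                                         (char *)gstr_host->data)) != 0) {
        /* Nothing but our own allocations exist yet, so plain free() suffices. */
        free(new5ticket->enc_part.ciphertext.data);
        free(new5ticket);
        (void) snprintf(kssl_err->text, KSSL_ERR_MAX,
                        "Error building ticket server principal.\n");
        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
        return krb5rc;          /* or KRB5KRB_ERR_GENERIC; */
    }

    krb5_princ_type(krb5context, new5ticket->server) = nametype;
    new5ticket->enc_part.enctype = etype;
    new5ticket->enc_part.kvno = kvno;

    *krb5ticket = new5ticket;
    return 0;
}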