Esempio n. 1
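/* private
 *
 * Decode a DER-encoded KRB5PrincipalName (otherName OID 1.3.6.1.5.2.2)
 * taken from a certificate's subjectAltName and store it as a literal.
 *
 * data/len : raw DER bytes of the otherName value (attacker-controlled,
 *            they come from the certificate being parsed).
 *
 * On success the literal "1.3.6.1.5.2.2" is set to the textual principal
 * "comp1/comp2/...@REALM".  On any decoding failure the literal
 * "othername" is set to "unsupported(1.3.6.1.5.2.2)" instead.
 *
 * The structure returned by d2i_KRB5_PRINC_NAME() is heap-allocated and
 * must be released on every path; the original version leaked it.
 */
void
LiteralValue_Priv::decode_krb5_principal_name(unsigned char* data, int len)
{
	const unsigned char *p = data;

	// d2i_*() advances p and hands back an owned object (or NULL).
	KRB5_PRINC_NAME *pname = d2i_KRB5_PRINC_NAME(NULL, &p, len);

	if(pname == NULL ||
	   pname->realm == NULL ||
	   pname->kerberosname == NULL ||
	   pname->kerberosname->namelist == NULL)
	{
		//ERR_print_errors_fp(stderr);
		LOGIT_ERROR("Unable to decode KRB5PrincipalName");

		// A partially decoded object is still ours to free; the
		// OpenSSL *_free counterpart of d2i_* accepts NULL.
		KRB5_PRINC_NAME_free(pname);

		setLiteral("othername", std::string("unsupported(1.3.6.1.5.2.2)"));
		return;
	}

	std::string principal;

	const int components = sk_ASN1_GENERALSTRING_num(pname->kerberosname->namelist);

	// Join the name components with '/'.  The separator is driven by the
	// index rather than by "is the accumulated string still empty", so an
	// empty first component is not silently merged with the second one.
	for(int i = 0; i < components; i++)
	{
		//LOGIT_DEBUG( "NAMELIST" << i << ":" << asn1string2string(sk_ASN1_GENERALSTRING_value(pname->kerberosname->namelist, i)));
		if(i > 0)
		{
			principal += "/";
		}
		principal += asn1string2string(sk_ASN1_GENERALSTRING_value(pname->kerberosname->namelist, i));
	}

	principal += "@" + asn1string2string(pname->realm);

	// Everything needed has been copied into 'principal'; release the
	// decoded structure before publishing the result.
	KRB5_PRINC_NAME_free(pname);

	setLiteral("1.3.6.1.5.2.2", principal);
}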
Esempio n. 2
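/*  Given d2i_-decoded asn1ticket, allocate and return a new krb5_ticket.
**  Return Kerberos error code and kssl_err struct on error.
**  Allocates krb5_ticket and krb5_principal; caller should free these.
**
**  asn1ticket is the result of parsing bytes supplied by the peer, so
**  every field it points to is treated as untrusted: pointers are
**  NULL-checked before use, INTEGER fields are read through
**  ASN1_INTEGER_get() (the previous code read data[0] only, which
**  truncates multi-octet values and reads past a zero-length INTEGER),
**  and the OPTIONAL EncryptedData.kvno (RFC 4120) defaults to 0 when
**  absent instead of being dereferenced.
**
**  Returns 0 on success, ENOMEM if the ticket cannot be allocated,
**  otherwise KRB5KRB_ERR_GENERIC or the code from kssl_build_principal_2().
**  On failure *krb5ticket is NULL and nothing allocated here is leaked.
**
**	20010410	VRS	Implemented krb5_decode_ticket() as
**				old_krb5_decode_ticket(). Missing from MIT1.0.6.
**	20010615	VRS 	Re-cast as openssl/asn1 d2i_*() functions.
**				Re-used some of the old krb5_decode_ticket()
**				code here.  This tkt should alloc/free just
**				like the real thing.
*/
static krb5_error_code
kssl_TKT2tkt(
	/* IN     */	krb5_context	krb5context,
	/* IN     */	KRB5_TKTBODY	*asn1ticket,
	/* OUT    */	krb5_ticket	**krb5ticket,
	/* OUT    */	KSSL_ERR *kssl_err  )
{
	krb5_error_code			krb5rc = KRB5KRB_ERR_GENERIC;
	krb5_ticket 			*new5ticket = NULL;
	ASN1_GENERALSTRING		*gstr_svc, *gstr_host;
	long				nametype, etype, kvno;

	*krb5ticket = NULL;

	/* Mandatory sub-structures and fields.  kvno is deliberately not in
	 * this list because it is OPTIONAL in EncryptedData. */
	if (asn1ticket == NULL || asn1ticket->realm == NULL ||
	    asn1ticket->sname == NULL ||
	    asn1ticket->sname->nametype == NULL ||
	    asn1ticket->encdata == NULL ||
	    asn1ticket->encdata->etype == NULL ||
	    asn1ticket->encdata->cipher == NULL ||
	    sk_ASN1_GENERALSTRING_num(asn1ticket->sname->namestring) < 2) {
		(void) snprintf(kssl_err->text, KSSL_ERR_MAX,
		    "Null field in asn1ticket.\n");
		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
		return KRB5KRB_ERR_GENERIC;
	}

	gstr_svc = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 0);
	gstr_host = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 1);

	/* ASN1_INTEGER_get() yields -1 for a malformed or oversized INTEGER
	 * and a negative value for a negative one; neither is valid for a
	 * name type, an enctype or a key version number. */
	nametype = ASN1_INTEGER_get(asn1ticket->sname->nametype);
	etype = ASN1_INTEGER_get(asn1ticket->encdata->etype);
	kvno = (asn1ticket->encdata->kvno != NULL) ?
	    ASN1_INTEGER_get(asn1ticket->encdata->kvno) : 0;

	/* A zero-length ciphertext can never decrypt to a ticket body, and
	 * calloc(1, 0) is allowed to return NULL, so reject it up front. */
	if (gstr_svc == NULL || gstr_host == NULL ||
	    nametype < 0 || etype < 0 || kvno < 0 ||
	    asn1ticket->encdata->cipher->length <= 0 ||
	    asn1ticket->encdata->cipher->data == NULL) {
		(void) snprintf(kssl_err->text, KSSL_ERR_MAX,
		    "Malformed field in asn1ticket.\n");
		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
		return KRB5KRB_ERR_GENERIC;
	}

	if ((new5ticket =
	    (krb5_ticket *)calloc(1, sizeof(krb5_ticket))) == NULL) {
		(void) snprintf(kssl_err->text, KSSL_ERR_MAX,
		    "Unable to allocate new krb5_ticket.\n");
		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
		return ENOMEM; /*  or  KRB5KRB_ERR_GENERIC; */
	}

	if ((krb5rc = kssl_build_principal_2(krb5context, &new5ticket->server,
	    asn1ticket->realm->length, (char *)asn1ticket->realm->data,
	    gstr_svc->length, (char *)gstr_svc->data, gstr_host->length,
	    (char *)gstr_host->data)) != 0) {
		free(new5ticket);
		(void) snprintf(kssl_err->text, KSSL_ERR_MAX,
		    "Error building ticket server principal.\n");
		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
		return krb5rc; /*  or  KRB5KRB_ERR_GENERIC; */
	}

	krb5_princ_type(krb5context, new5ticket->server) = nametype;
	new5ticket->enc_part.enctype = etype;
	new5ticket->enc_part.kvno = kvno;
	new5ticket->enc_part.ciphertext.length =
	    asn1ticket->encdata->cipher->length;
	if ((new5ticket->enc_part.ciphertext.data =
	    calloc(1, asn1ticket->encdata->cipher->length)) == NULL) {
		/* The server principal was allocated above and must go too;
		 * the previous code freed only the ticket shell here. */
		krb5_free_principal(krb5context, new5ticket->server);
		free(new5ticket);
		(void) snprintf(kssl_err->text, KSSL_ERR_MAX,
		    "Error allocating cipher in krb5ticket.\n");
		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
		return KRB5KRB_ERR_GENERIC;
	}
	memcpy(new5ticket->enc_part.ciphertext.data,
	    asn1ticket->encdata->cipher->data,
	    asn1ticket->encdata->cipher->length);

	*krb5ticket = new5ticket;
	return 0;
}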