add heimdal patch

This commit is contained in:
Mario Fetka 2013-04-19 10:53:36 +02:00
parent 74cf9b44e5
commit f2d94089d8

View File

@ -0,0 +1,217 @@
diff -Naur openssl-0.9.8i/include/openssl/kssl.h openssl-0.9.8i-heimdal/include/openssl/kssl.h
--- include/openssl/kssl.h 2005-04-09 23:55:55.000000000 +0000
+++ include/openssl/kssl.h 2008-11-22 16:27:24.000000000 +0000
@@ -81,6 +81,7 @@
*/
#ifdef KRB5_HEIMDAL
typedef unsigned char krb5_octet;
+typedef krb5_times krb5_ticket_times;
#define FAR
#else
diff -Naur openssl-0.9.8i/ssl/kssl.c openssl-0.9.8i-heimdal/ssl/kssl.c
--- ssl/kssl.c 2008-04-02 11:15:05.000000000 +0000
+++ ssl/kssl.c 2008-11-24 16:05:07.000000000 +0000
@@ -821,16 +821,27 @@
{
switch (enctype)
{
- case ENCTYPE_DES_HMAC_SHA1: /* EVP_des_cbc(); */
- case ENCTYPE_DES_CBC_CRC:
+ case ENCTYPE_DES_CBC_CRC: /* EVP_des_cbc(); */
case ENCTYPE_DES_CBC_MD4:
case ENCTYPE_DES_CBC_MD5:
+#ifdef KRB5_HEIMDAL
+ case ENCTYPE_DES_CBC_NONE:
+ case ENCTYPE_DES_CFB64_NONE:
+ case ENCTYPE_DES_PCBC_NONE:
+#else
+ case ENCTYPE_DES_HMAC_SHA1:
case ENCTYPE_DES_CBC_RAW:
+#endif
return EVP_des_cbc();
break;
case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */
+#ifdef KRB5_HEIMDAL
+ case ENCTYPE_DES3_CBC_MD5:
+ case ENCTYPE_DES3_CBC_NONE:
+#else
case ENCTYPE_DES3_CBC_SHA:
case ENCTYPE_DES3_CBC_RAW:
+#endif
return EVP_des_ede3_cbc();
break;
default: return NULL;
@@ -883,6 +894,7 @@
{
int i, j, n;
static size_t *cklens = NULL;
+ size_t cksumsize;
#ifdef KRB5_MIT_OLD11
n = krb5_max_cksum;
@@ -894,13 +906,14 @@
if (!cklens && !(cklens = (size_t *) calloc(sizeof(int),n+1))) return NULL;
for (i=0; i < n; i++) {
- if (!valid_cksumtype(i)) continue; /* array has holes */
+ if (!krb5_c_valid_cksumtype(i)) continue; /* array has holes */
+ if (krb5_c_checksum_length(NULL, i, &cksumsize)) continue; /* there's something wrong */
for (j=0; j < n; j++) {
if (cklens[j] == 0) {
- cklens[j] = krb5_checksum_size(NULL,i);
+ cklens[j] = cksumsize;
break; /* krb5 elem was new: add */
}
- if (cklens[j] == krb5_checksum_size(NULL,i)) {
+ if (cklens[j] == cksumsize) {
break; /* ignore duplicate elements */
}
}
@@ -957,14 +970,21 @@
print_krb5_data(char *label, krb5_data *kdata)
{
int i;
+ unsigned char *datastring;
+
+#ifdef KRB5_HEIMDAL
+ memcpy(datastring, kdata->data, kdata->length);
+#else
+ datastring = kdata->data;
+#endif
printf("%s[%d] ", label, kdata->length);
for (i=0; i < (int)kdata->length; i++)
{
- if (0 && isprint((int) kdata->data[i]))
- printf( "%c ", kdata->data[i]);
+ if (0 && isprint((int) datastring[i]))
+ printf( "%c ", datastring[i]);
else
- printf( "%02x ", (unsigned char) kdata->data[i]);
+ printf( "%02x ", datastring[i]);
}
printf("\n");
}
@@ -1002,28 +1022,28 @@
print_krb5_keyblock(char *label, krb5_keyblock *keyblk)
{
int i;
+ unsigned char *keyblkcontents;
if (keyblk == NULL)
{
printf("%s, keyblk==0\n", label);
return;
}
+
#ifdef KRB5_HEIMDAL
printf("%s\n\t[et%d:%d]: ", label, keyblk->keytype,
- keyblk->keyvalue->length);
- for (i=0; i < (int)keyblk->keyvalue->length; i++)
- {
- printf("%02x",(unsigned char *)(keyblk->keyvalue->contents)[i]);
- }
- printf("\n");
+ keyblk->keyvalue.length);
+ memcpy(keyblkcontents, keyblk->keyvalue.data, keyblk->keyvalue.length);
+ for (i=0; i < (int)keyblk->keyvalue.length; i++)
#else
printf("%s\n\t[et%d:%d]: ", label, keyblk->enctype, keyblk->length);
+ keyblkcontents = keyblk->contents;
for (i=0; i < (int)keyblk->length; i++)
+#endif
{
- printf("%02x",keyblk->contents[i]);
+ printf("%02x",keyblkcontents[i]);
}
printf("\n");
-#endif
}
@@ -1034,10 +1054,37 @@
print_krb5_princ(char *label, krb5_principal_data *princ)
{
int i, ui, uj;
+ unsigned int realmlength;
+ char *realmdata;
printf("%s principal Realm: ", label);
if (princ == NULL) return;
- for (ui=0; ui < (int)princ->realm.length; ui++) putchar(princ->realm.data[ui]);
+
+#ifdef KRB5_HEIMDAL
+ realmlength = krb5_realm_length(princ->realm);
+ realmdata = krb5_realm_data(princ->realm);
+#else
+ realmlength = princ->realm.length;
+ realmdata = princ->realm.data;
+#endif
+
+ for (ui=0; ui < (int)realmlength; ui++) putchar(realmdata[ui]);
+
+#ifdef KRB5_HEIMDAL
+ printf(" (nametype %d) has %d strings:\n",
+ princ->name.name_type,
+ princ->name.name_string.len);
+ for (i=0; i < (int)princ->name.name_string.len; i++)
+ {
+ realmlength = krb5_realm_length(princ->name.name_string.val[i]);
+ realmdata = krb5_realm_data(princ->name.name_string.val[i]);
+ printf("\t%d [%d]: ", i, realmlength);
+ for (uj=0; uj < (int)realmlength; uj++) {
+ putchar(realmdata[uj]);
+ }
+ printf("\n");
+ }
+#else
printf(" (nametype %d) has %d strings:\n", princ->type,princ->length);
for (i=0; i < (int)princ->length; i++)
{
@@ -1047,6 +1094,8 @@
}
printf("\n");
}
+#endif
+
return;
}
@@ -1275,6 +1324,17 @@
return krb5rc; /* or KRB5KRB_ERR_GENERIC; */
}
+#ifdef KRB5_HEIMDAL
+ krb5_principal_set_type(krb5context, new5ticket->server,
+ asn1ticket->sname->nametype->data[0]);
+/*
+** To do.
+** MIT krb5_ticket looks more like the Ticket type of Heimdal,
+** there seems to be no simple translation.
+** May be the whole kssl_TKT2tkt function will have to be left out,
+** and kssl_sget_tkt deeply rewriten for Heimdal.
+*/
+#else
krb5_princ_type(krb5context, new5ticket->server) =
asn1ticket->sname->nametype->data[0];
new5ticket->enc_part.enctype = asn1ticket->encdata->etype->data[0];
@@ -1296,6 +1356,7 @@
asn1ticket->encdata->cipher->data,
asn1ticket->encdata->cipher->length);
}
+#endif
*krb5ticket = new5ticket;
return 0;
diff -Naur openssl-0.9.8i/ssl/kssl.h openssl-0.9.8i-heimdal/ssl/kssl.h
--- ssl/kssl.h 2005-04-09 23:55:55.000000000 +0000
+++ ssl/kssl.h 2008-11-22 16:27:24.000000000 +0000
@@ -81,6 +81,7 @@
*/
#ifdef KRB5_HEIMDAL
typedef unsigned char krb5_octet;
+typedef krb5_times krb5_ticket_times;
#define FAR
#else