diff -Naur openssl-0.9.8i/include/openssl/kssl.h openssl-0.9.8i-heimdal/include/openssl/kssl.h
--- include/openssl/kssl.h 2005-04-09 23:55:55.000000000 +0000
+++ include/openssl/kssl.h 2008-11-22 16:27:24.000000000 +0000
@@ -81,6 +81,7 @@
 */
 #ifdef KRB5_HEIMDAL
 typedef unsigned char krb5_octet;
+typedef krb5_times krb5_ticket_times;
 #define FAR
 #else
diff -Naur openssl-0.9.8i/ssl/kssl.c openssl-0.9.8i-heimdal/ssl/kssl.c
--- ssl/kssl.c 2008-04-02 11:15:05.000000000 +0000
+++ ssl/kssl.c 2008-11-24 16:05:07.000000000 +0000
@@ -821,16 +821,27 @@
 {
 switch (enctype)
 {
- case ENCTYPE_DES_HMAC_SHA1: /* EVP_des_cbc(); */
- case ENCTYPE_DES_CBC_CRC:
+ case ENCTYPE_DES_CBC_CRC: /* EVP_des_cbc(); */
 case ENCTYPE_DES_CBC_MD4:
 case ENCTYPE_DES_CBC_MD5:
+#ifdef KRB5_HEIMDAL
+ case ENCTYPE_DES_CBC_NONE:
+ case ENCTYPE_DES_CFB64_NONE:
+ case ENCTYPE_DES_PCBC_NONE:
+#else
+ case ENCTYPE_DES_HMAC_SHA1:
 case ENCTYPE_DES_CBC_RAW:
+#endif
 return EVP_des_cbc();
 break;
 case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */
+#ifdef KRB5_HEIMDAL
+ case ENCTYPE_DES3_CBC_MD5:
+ case ENCTYPE_DES3_CBC_NONE:
+#else
 case ENCTYPE_DES3_CBC_SHA:
 case ENCTYPE_DES3_CBC_RAW:
+#endif
 return EVP_des_ede3_cbc();
 break;
 default: return NULL;
@@ -883,6 +894,7 @@
 {
 int i, j, n;
 static size_t *cklens = NULL;
+ size_t cksumsize;
 #ifdef KRB5_MIT_OLD11
 n = krb5_max_cksum;
@@ -894,13 +906,14 @@
 if (!cklens && !(cklens = (size_t *) calloc(sizeof(int),n+1))) return NULL;
 for (i=0; i < n; i++) {
- if (!valid_cksumtype(i)) continue; /* array has holes */
+ if (!krb5_c_valid_cksumtype(i)) continue; /* array has holes */
+ if (krb5_c_checksum_length(NULL, i, &cksumsize)) continue; /* there's something wrong */
 for (j=0; j < n; j++) {
 if (cklens[j] == 0) {
- cklens[j] = krb5_checksum_size(NULL,i);
+ cklens[j] = cksumsize;
 break; /* krb5 elem was new: add */
 }
- if (cklens[j] == krb5_checksum_size(NULL,i)) {
+ if (cklens[j] == cksumsize) {
 break; /* ignore duplicate elements */
 }
 }
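Review bot: In the KRB5_HEIMDAL branch of the first `switch` group, `ENCTYPE_DES_CFB64_NONE` and `ENCTYPE_DES_PCBC_NONE` are mapped to `EVP_des_cbc()`, although their names indicate CFB64 and PCBC chaining rather than CBC. If the names mean what they say, data protected under those enctypes would be processed with the wrong mode, and the `_NONE` suffix suggests enctypes that carry no integrity checksum. Unless a caller needs them, I would leave these cases (and `ENCTYPE_DES_CBC_NONE`, `ENCTYPE_DES3_CBC_NONE`) out so they reach `default: return NULL;`, or add a comment on the group stating why accepting checksum-less enctypes is safe here. The function's signature and the end of the `switch` are outside the hunk.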
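Review bot: The new `cklens[j] = cksumsize;` stores `size_t` values into a table that the context line allocates as `calloc(sizeof(int),n+1)`, so where `size_t` is wider than `int` the table holds fewer than `n` entries and the inner loop, which indexes up to `n-1`, can run past the allocation. Since this hunk already rewrites the loop, sizing the table by its element type would close that: `calloc(n+1, sizeof *cklens)`. Separately, `krb5_c_checksum_length(NULL, i, &cksumsize)` is called with a NULL context; that appears to mirror the old `krb5_checksum_size(NULL,i)` call, but it is worth confirming that both Kerberos libraries tolerate it. The enclosing function starts and ends outside the hunk.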
@@ -957,14 +970,21 @@
 print_krb5_data(char *label, krb5_data *kdata)
 {
 int i;
+ unsigned char *datastring;
+
+#ifdef KRB5_HEIMDAL
+ memcpy(datastring, kdata->data, kdata->length);
+#else
+ datastring = kdata->data;
+#endif
 printf("%s[%d] ", label, kdata->length);
 for (i=0; i < (int)kdata->length; i++)
 {
- if (0 && isprint((int) kdata->data[i]))
- printf( "%c ", kdata->data[i]);
+ if (0 && isprint((int) datastring[i]))
+ printf( "%c ", datastring[i]);
 else
- printf( "%02x ", (unsigned char) kdata->data[i]);
+ printf( "%02x ", datastring[i]);
 }
 printf("\n");
 }
@@ -1002,28 +1022,28 @@
 print_krb5_keyblock(char *label, krb5_keyblock *keyblk)
 {
 int i;
+ unsigned char *keyblkcontents;
 if (keyblk == NULL)
 {
 printf("%s, keyblk==0\n", label);
 return;
 }
+
 #ifdef KRB5_HEIMDAL
 printf("%s\n\t[et%d:%d]: ", label, keyblk->keytype,
- keyblk->keyvalue->length);
- for (i=0; i < (int)keyblk->keyvalue->length; i++)
- {
- printf("%02x",(unsigned char *)(keyblk->keyvalue->contents)[i]);
- }
- printf("\n");
+ keyblk->keyvalue.length);
+ memcpy(keyblkcontents, keyblk->keyvalue.data, keyblk->keyvalue.length);
+ for (i=0; i < (int)keyblk->keyvalue.length; i++)
 #else
 printf("%s\n\t[et%d:%d]: ", label, keyblk->enctype, keyblk->length);
+ keyblkcontents = keyblk->contents;
 for (i=0; i < (int)keyblk->length; i++)
+#endif
 {
- printf("%02x",keyblk->contents[i]);
+ printf("%02x",keyblkcontents[i]);
 }
 printf("\n");
-#endif
 }
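Review bot: In the KRB5_HEIMDAL branch of print_krb5_data, `memcpy(datastring, kdata->data, kdata->length);` writes through `datastring`, which is declared just above and never given a value, so the copy targets an indeterminate address (undefined behaviour, in practice a crash or memory corruption). print_krb5_keyblock in the next hunk has the same problem with `memcpy(keyblkcontents, keyblk->keyvalue.data, keyblk->keyvalue.length);`. No copy is needed to print the bytes; pointing at the existing buffer is enough: `datastring = (unsigned char *)kdata->data;` and `keyblkcontents = (unsigned char *)keyblk->keyvalue.data;`. With that change the two `#ifdef` branches differ only in the field they read.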
@@ -1034,10 +1054,37 @@
 print_krb5_princ(char *label, krb5_principal_data *princ)
 {
 int i, ui, uj;
+ unsigned int realmlength;
+ char *realmdata;
 printf("%s principal Realm: ", label);
 if (princ == NULL) return;
- for (ui=0; ui < (int)princ->realm.length; ui++) putchar(princ->realm.data[ui]);
+
+#ifdef KRB5_HEIMDAL
+ realmlength = krb5_realm_length(princ->realm);
+ realmdata = krb5_realm_data(princ->realm);
+#else
+ realmlength = princ->realm.length;
+ realmdata = princ->realm.data;
+#endif
+
+ for (ui=0; ui < (int)realmlength; ui++) putchar(realmdata[ui]);
+
+#ifdef KRB5_HEIMDAL
+ printf(" (nametype %d) has %d strings:\n",
+ princ->name.name_type,
+ princ->name.name_string.len);
+ for (i=0; i < (int)princ->name.name_string.len; i++)
+ {
+ realmlength = krb5_realm_length(princ->name.name_string.val[i]);
+ realmdata = krb5_realm_data(princ->name.name_string.val[i]);
+ printf("\t%d [%d]: ", i, realmlength);
+ for (uj=0; uj < (int)realmlength; uj++) {
+ putchar(realmdata[uj]);
+ }
+ printf("\n");
+ }
+#else
 printf(" (nametype %d) has %d strings:\n", princ->type,princ->length);
 for (i=0; i < (int)princ->length; i++)
 {
@@ -1047,6 +1094,8 @@
 }
 printf("\n");
 }
+#endif
+
 return;
 }
@@ -1275,6 +1324,17 @@
 return krb5rc; /* or KRB5KRB_ERR_GENERIC; */
 }
+#ifdef KRB5_HEIMDAL
+ krb5_principal_set_type(krb5context, new5ticket->server,
+ asn1ticket->sname->nametype->data[0]);
+/*
+** To do.
+** MIT krb5_ticket looks more like the Ticket type of Heimdal,
+** there seems to be no simple translation.
+** May be the whole kssl_TKT2tkt function will have to be left out,
+** and kssl_sget_tkt deeply rewriten for Heimdal.
+*/
+#else
 krb5_princ_type(krb5context, new5ticket->server) = asn1ticket->sname->nametype->data[0];
 new5ticket->enc_part.enctype = asn1ticket->encdata->etype->data[0];
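Review bot: The Heimdal loop over `princ->name.name_string.val[i]` reuses `krb5_realm_length()`/`krb5_realm_data()` and the `realmlength`/`realmdata` locals for name components, which reads as if each component were a realm. If this is valid only because both are plain C strings in Heimdal, a short comment would say so, e.g. `/* Heimdal name components are NUL-terminated strings; realm accessors reused for length/data */`, or separately named locals would avoid the confusion. Also, `realmlength` is `unsigned int` but is printed with `%d` in `printf("\t%d [%d]: ", i, realmlength);`; `%u` matches the type. The function's closing lines are in the following hunk.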
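Review bot: Under KRB5_HEIMDAL this branch only sets the principal type; the `enc_part` fields that the `#else` branch fills in are skipped, yet the code after the matching `#endif` (next hunk) still does `*krb5ticket = new5ticket; return 0;`. A caller therefore gets a success return with a ticket whose encrypted part was never populated, which the added "To do" comment itself acknowledges. Until the Heimdal translation exists, I would make the function fail closed in this branch: release `new5ticket` (allocated outside the hunk) and return an error such as the `KRB5KRB_ERR_GENERIC` mentioned in the context comment, rather than report success. The function begins and ends outside this hunk.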
@@ -1296,6 +1356,7 @@
 asn1ticket->encdata->cipher->data,
 asn1ticket->encdata->cipher->length);
 }
+#endif
 *krb5ticket = new5ticket;
 return 0;
diff -Naur openssl-0.9.8i/ssl/kssl.h openssl-0.9.8i-heimdal/ssl/kssl.h
--- ssl/kssl.h 2005-04-09 23:55:55.000000000 +0000
+++ ssl/kssl.h 2008-11-22 16:27:24.000000000 +0000
@@ -81,6 +81,7 @@
 */
 #ifdef KRB5_HEIMDAL
 typedef unsigned char krb5_octet;
+typedef krb5_times krb5_ticket_times;
 #define FAR
 #else