Patches from Vern Staats <staatsvr@asc.hpc.mil> to get Kerberos 5 in

SSL according to RFC 2712. His comment is: This is a patch to openssl-SNAP-20010702 to support Kerberized SSL authentication. I'm expecting to have the full kssl-0.5 kit up on sourceforge by the end of the week. The full kit includes patches for mod-ssl, apache, and a few text clients. The sourceforge URL is http://sourceforge.net/projects/kssl/ . Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ message with a real KerberosWrapper struct. I think this is fully RFC 2712 compliant now, including support for the optional authenticator field. I also added openssl-style ASN.1 macros for a few Kerberos structs; see crypto/krb5/ if you're interested.
author: Richard Levitte <levitte@openssl.org> 2001-07-09 21:46:58 +0000
committer: Richard Levitte <levitte@openssl.org> 2001-07-09 21:46:58 +0000
commit: 2a1ef754358e35c8e86df903e0a2f92c35a550d0 (patch)
tree: 6ac406a5043c584c2ce0912d35192c3c30376f67 /ssl/kssl.h
parent: c148d7097811c18f277a8559753c770f4ff85771 (diff)
download: openssl-2a1ef754358e35c8e86df903e0a2f92c35a550d0.tar.gz
1 files changed, 25 insertions, 4 deletions
diff --git a/ssl/kssl.h b/ssl/kssl.h
index ef0fc847b1..7319b3daf2 100644
--- a/ssl/kssl.h
+++ b/ssl/kssl.h
@@ -96,6 +96,17 @@ typedef unsigned char krb5_octet;
 #define KRB5KEYTAB	"/etc/krb5.keytab"
 #endif
 
+#ifndef KRB5SENDAUTH
+#define KRB5SENDAUTH	1
+#endif
+
+#ifndef KRB5CHECKAUTH
+#define KRB5CHECKAUTH	1
+#endif
+
+#ifndef KSSL_CLOCKSKEW
+#define	KSSL_CLOCKSKEW	300;
+#endif
 
 #define	KSSL_ERR_MAX	255
 typedef struct kssl_err_st  {
@@ -139,6 +150,8 @@ void print_krb5_keyblock(char *label, krb5_keyblock *keyblk);
 char *kstring(char *string);
 char *knumber(int len, krb5_octet *contents);
 
+EVP_CIPHER *kssl_map_enc(krb5_enctype enctype);
+
 
 /* Public (for use by applications that use OpenSSL with Kerberos 5 support */
 krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text);
@@ -147,13 +160,21 @@ KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
 void kssl_ctx_show(KSSL_CTX *kssl_ctx);
 krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
         krb5_data *realm, krb5_data *entity);
-krb5_error_code	kssl_cget_tkt(KSSL_CTX *kssl_ctx,  krb5_data *ap_req,
-        KSSL_ERR *kssl_err);
-krb5_error_code	kssl_sget_tkt(KSSL_CTX *kssl_ctx,  char *msg, int msglen,
-        KSSL_ERR *kssl_err);
+krb5_error_code	kssl_cget_tkt(KSSL_CTX *kssl_ctx,  krb5_data **enc_tktp,
+        krb5_data *authenp, KSSL_ERR *kssl_err);
+krb5_error_code	kssl_sget_tkt(KSSL_CTX *kssl_ctx,  krb5_data *indata,
+        krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);
 krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session);
 void	kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);
 void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data);
+krb5_error_code  kssl_build_principal_2(krb5_context context,
+			krb5_principal *princ, int rlen, const char *realm,
+			int slen, const char *svc, int hlen, const char *host);
+krb5_error_code  kssl_validate_times(krb5_timestamp atime,
+					krb5_ticket_times *ttimes);
+krb5_error_code  kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
+			            krb5_timestamp *atimep, KSSL_ERR *kssl_err);
+unsigned char	*kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
 
 #ifdef  __cplusplus
 }
author	Richard Levitte <levitte@openssl.org>	2001-07-09 21:46:58 +0000
committer	Richard Levitte <levitte@openssl.org>	2001-07-09 21:46:58 +0000
commit	2a1ef754358e35c8e86df903e0a2f92c35a550d0 (patch)
tree	6ac406a5043c584c2ce0912d35192c3c30376f67 /ssl/kssl.h
parent	c148d7097811c18f277a8559753c770f4ff85771 (diff)
download	openssl-2a1ef754358e35c8e86df903e0a2f92c35a550d0.tar.gz