krb5_context krbContext;
struct eap_peer_config *eapPeerConfig = &ctx->initiatorCtx.eapPeerConfig;
gss_buffer_desc identity = GSS_C_EMPTY_BUFFER;
- gss_buffer_desc anonymousIdentity = GSS_C_EMPTY_BUFFER;
- ssize_t i;
+ gss_buffer_desc realm = GSS_C_EMPTY_BUFFER;
eapPeerConfig->identity = NULL;
eapPeerConfig->identity_len = 0;
return GSS_S_BAD_NAME;
}
+ /* identity */
major = gssEapDisplayName(minor, cred->name, &identity, NULL);
if (GSS_ERROR(major))
return major;
- assert(identity.length > 0);
+ eapPeerConfig->identity = (unsigned char *)identity.value;
+ eapPeerConfig->identity_len = identity.length;
- for (i = identity.length - 1; i >= 0; i--) {
- unsigned char *p = (unsigned char *)identity.value + i;
+ krbPrincRealmToGssBuffer(cred->name->krbPrincipal, &realm);
- if (*p == '@') {
- anonymousIdentity.length = identity.length - i;
- anonymousIdentity.value = p;
- break;
- }
+ /* anonymous_identity */
+ eapPeerConfig->anonymous_identity = GSSEAP_MALLOC(realm.length + 2);
+ if (eapPeerConfig->anonymous_identity == NULL) {
+ *minor = ENOMEM;
+ return GSS_S_FAILURE;
}
- if (anonymousIdentity.length == 0)
- anonymousIdentity.value = "";
+ eapPeerConfig->anonymous_identity[0] = '@';
+ memcpy(eapPeerConfig->anonymous_identity + 1, realm.value, realm.length);
+ eapPeerConfig->anonymous_identity[1 + realm.length] = '\0';
+ eapPeerConfig->anonymous_identity_len = 1 + realm.length;
- eapPeerConfig->identity = (unsigned char *)identity.value;
- eapPeerConfig->identity_len = identity.length;
- eapPeerConfig->anonymous_identity = (unsigned char *)anonymousIdentity.value;
- eapPeerConfig->anonymous_identity_len = anonymousIdentity.length;
+ /* password */
eapPeerConfig->password = (unsigned char *)cred->password.value;
eapPeerConfig->password_len = cred->password.length;
{
struct eap_peer_config *eapPeerConfig = &ctx->initiatorCtx.eapPeerConfig;
- GSSEAP_FREE(eapPeerConfig->identity);
+ if (eapPeerConfig->identity != NULL) {
+ GSSEAP_FREE(eapPeerConfig->identity);
+ eapPeerConfig->identity = NULL;
+ eapPeerConfig->identity_len = 0;
+ }
+
+ if (eapPeerConfig->anonymous_identity != NULL) {
+ GSSEAP_FREE(eapPeerConfig->anonymous_identity);
+ eapPeerConfig->anonymous_identity = NULL;
+ eapPeerConfig->anonymous_identity_len = 0;
+ }
*minor = 0;
return GSS_S_COMPLETE;
goto cleanup;
major = gssInitSecContext(minor,
- cred->krbCred,
- &ctx->kerberosCtx,
+ cred->reauthCred,
+ &ctx->reauthCtx,
mechTarget,
(gss_OID)gss_mech_krb5,
reqFlags | GSS_C_MUTUAL_FLAG,
OM_uint32 tmpMinor;
/* server didn't support reauthentication, sent EAP request */
- gssDeleteSecContext(&tmpMinor, &ctx->kerberosCtx, GSS_C_NO_BUFFER);
+ gssDeleteSecContext(&tmpMinor, &ctx->reauthCtx, GSS_C_NO_BUFFER);
ctx->flags &= ~(CTX_FLAG_KRB_REAUTH);
GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_INITIAL);
} else