gss_trailerlen = 0 not used

[mech_eap.git] / mech_eap / accept_sec_context.c

diff --git a/mech_eap/accept_sec_context.c b/mech_eap/accept_sec_context.c
index ded1ec8..1cbf275 100644 (file)
--- a/mech_eap/accept_sec_context.c
+++ b/mech_eap/accept_sec_context.c
@@ -345,54 +345,43 @@ setAcceptorIdentity(OM_uint32 *minor,
 
     krbPrinc = ctx->acceptorName->krbPrincipal;
     GSSEAP_ASSERT(krbPrinc != NULL);
-    GSSEAP_ASSERT(KRB_PRINC_LENGTH(krbPrinc) >= 2);
+    GSSEAP_ASSERT(KRB_PRINC_LENGTH(krbPrinc) >= 1);
 
     /* Acceptor-Service-Name */
     krbPrincComponentToGssBuffer(krbPrinc, 0, &nameBuf);
 
     major = gssEapRadiusAddAvp(minor, req,
                                PW_GSS_ACCEPTOR_SERVICE_NAME,
-                               VENDORPEC_UKERNA,
+                               0,
                                &nameBuf);
     if (GSS_ERROR(major))
         return major;
 
     /* Acceptor-Host-Name */
-    krbPrincComponentToGssBuffer(krbPrinc, 1, &nameBuf);
-
-    major = gssEapRadiusAddAvp(minor, req,
-                               PW_GSS_ACCEPTOR_HOST_NAME,
-                               VENDORPEC_UKERNA,
-                               &nameBuf);
-    if (GSS_ERROR(major))
-        return major;
-
+    if (KRB_PRINC_LENGTH(krbPrinc) >= 2) {
+       krbPrincComponentToGssBuffer(krbPrinc, 1, &nameBuf);
+
+       major = gssEapRadiusAddAvp(minor, req,
+                                  PW_GSS_ACCEPTOR_HOST_NAME,
+                                  0,
+                                  &nameBuf);
+       if (GSS_ERROR(major))
+           return major;
+    }
     if (KRB_PRINC_LENGTH(krbPrinc) > 2) {
         /* Acceptor-Service-Specific */
-        krb5_principal_data ssiPrinc = *krbPrinc;
-        char *ssi;
-
-        KRB_PRINC_LENGTH(&ssiPrinc) -= 2;
-        KRB_PRINC_NAME(&ssiPrinc) += 2;
-
-        *minor = krb5_unparse_name_flags(krbContext, &ssiPrinc,
-                                         KRB5_PRINCIPAL_UNPARSE_NO_REALM, &ssi);
+        *minor = krbPrincUnparseServiceSpecifics(krbContext,
+                                                 krbPrinc, &nameBuf);
         if (*minor != 0)
             return GSS_S_FAILURE;
 
-        nameBuf.value = ssi;
-        nameBuf.length = strlen(ssi);
-
         major = gssEapRadiusAddAvp(minor, req,
-                                   PW_GSS_ACCEPTOR_SERVICE_SPECIFIC,
-                                   VENDORPEC_UKERNA,
+                                   PW_GSS_ACCEPTOR_SERVICE_SPECIFICS,
+                                   0,
                                    &nameBuf);
-
-        if (GSS_ERROR(major)) {
-            krb5_free_unparsed_name(krbContext, ssi);
+       krbFreeUnparsedName(krbContext, &nameBuf);
+        if (GSS_ERROR(major))
             return major;
-        }
-        krb5_free_unparsed_name(krbContext, ssi);
     }
 
     krbPrincRealmToGssBuffer(krbPrinc, &nameBuf);
@@ -400,7 +389,7 @@ setAcceptorIdentity(OM_uint32 *minor,
         /* Acceptor-Realm-Name */
         major = gssEapRadiusAddAvp(minor, req,
                                    PW_GSS_ACCEPTOR_REALM_NAME,
-                                   VENDORPEC_UKERNA,
+                                   0,
                                    &nameBuf);
         if (GSS_ERROR(major))
             return major;
@@ -903,13 +892,11 @@ gssEapAcceptSecContext(OM_uint32 *minor,
      * credential handle.
      */
 
-    /*
-     * Calling gssEapInquireCred() forces the default acceptor credential name
-     * to be resolved.
-     */
-    major = gssEapInquireCred(minor, cred, &ctx->acceptorName, NULL, NULL, NULL);
-    if (GSS_ERROR(major))
-        goto cleanup;
+    if (cred->name != GSS_C_NO_NAME) {
+        major = gssEapDuplicateName(minor, cred->name, &ctx->acceptorName);
+        if (GSS_ERROR(major))
+            goto cleanup;
+    }
 
     major = gssEapSmStep(minor,
                          cred,