} \
} while (0)
+#ifdef GSSEAP_ENABLE_ACCEPTOR
static OM_uint32
gssEapImportPartialContext(OM_uint32 *minor,
unsigned char **pBuf,
}
#ifdef GSSEAP_DEBUG
- assert(remain == 0);
+ GSSEAP_ASSERT(remain == 0);
#endif
*pBuf = p;
return GSS_S_COMPLETE;
}
+#endif /* GSSEAP_ENABLE_ACCEPTOR */
static OM_uint32
importMechanismOid(OM_uint32 *minor,
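Review bot: The `remain == 0` check at the end of gssEapImportPartialContext is still compiled only under `GSSEAP_DEBUG`, so a non-debug build accepts a context token with trailing bytes. A debug build handles the same token through `GSSEAP_ASSERT`, which presumably aborts rather than returning an error. Because `remain` is derived from the token being parsed, an unconditional check would be more robust, for example `if (remain != 0) { *minor = /* project minor code for a malformed token */; return GSS_S_DEFECTIVE_TOKEN; }`. The same pattern appears in the later hunk near the end of gssEapImportContext. The function body starts outside this hunk.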
size_t *pRemain,
krb5_cksumtype *checksumType,
krb5_enctype *pEncryptionType,
- krb5_keyblock *key)
+ krb5_keyblock *pKey)
{
unsigned char *p = *pBuf;
size_t remain = *pRemain;
OM_uint32 encryptionType;
OM_uint32 length;
- gss_buffer_desc tmp;
+ krb5_context krbContext;
+ krb5_keyblock key;
+ krb5_error_code code;
+
+ GSSEAP_KRB_INIT(&krbContext);
+
+ KRB_KEY_INIT(pKey);
if (remain < 12) {
*minor = GSSEAP_TOK_TRUNC;
return GSS_S_DEFECTIVE_TOKEN;
}
- if (load_buffer(&p[12], length, &tmp) == NULL) {
- *minor = ENOMEM;
- return GSS_S_FAILURE;
- }
+ if (encryptionType != ENCTYPE_NULL) {
+ KRB_KEY_INIT(&key);
- KRB_KEY_TYPE(key) = encryptionType;
- KRB_KEY_LENGTH(key) = tmp.length;
- KRB_KEY_DATA(key) = (unsigned char *)tmp.value;
+ KRB_KEY_TYPE(&key) = encryptionType;
+ KRB_KEY_LENGTH(&key) = length;
+ KRB_KEY_DATA(&key) = &p[12];
+
+ code = krb5_copy_keyblock_contents(krbContext, &key, pKey);
+ if (code != 0) {
+ *minor = code;
+ return GSS_S_FAILURE;
+ }
+ }
*pBuf += 12 + length;
*pRemain -= 12 + length;
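Review bot: The local `key` is a non-owning view, and a comment should say so, so that nobody later frees it or stores it past the call. `KRB_KEY_DATA(&key) = &p[12]` points into the caller's token buffer, and only `pKey` receives an owned copy from krb5_copy_keyblock_contents. Suggested comment above `KRB_KEY_INIT(&key);`: `/* key borrows the token bytes; pKey gets its own copy */`. The copy reads `length` bytes, a value taken from the token, and the check that bounds `length` by `remain - 12` is not visible in this hunk, so confirm it still runs before this block. The function body starts and ends outside the hunk.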
static OM_uint32
importName(OM_uint32 *minor,
+ gss_OID mech,
unsigned char **pBuf,
size_t *pRemain,
gss_name_t *pName)
{
- OM_uint32 major;
+ OM_uint32 major, tmpMinor, flags;
unsigned char *p = *pBuf;
size_t remain = *pRemain;
gss_buffer_desc tmp;
tmp.value = p + 4;
- major = gssEapImportNameInternal(minor, &tmp, pName,
- EXPORT_NAME_FLAG_COMPOSITE);
+ flags = EXPORT_NAME_FLAG_COMPOSITE;
+ if (mech == GSS_C_NO_OID)
+ flags |= EXPORT_NAME_FLAG_OID;
+
+ major = gssEapImportNameInternal(minor, &tmp, pName, flags);
if (GSS_ERROR(major))
return major;
+
+ if ((flags & EXPORT_NAME_FLAG_OID) == 0) {
+ major = gssEapCanonicalizeOid(minor, mech, 0, &(*pName)->mechanismUsed);
+ if (GSS_ERROR(major)) {
+ gssEapReleaseName(&tmpMinor, pName);
+ return major;
+ }
+ }
}
*pBuf += 4 + tmp.length;
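Review bot: The new `mech` parameter doubles as a wire-format switch, and nothing at the definition says so. `GSS_C_NO_OID` means the exported name carries its own mechanism OID; any other value means the OID was omitted and `mech` is applied afterwards through gssEapCanonicalizeOid. A caller whose mechanism happens to be unset therefore selects the OID-carrying format without any error, so the contract deserves a comment above importName, for example `/* mech == GSS_C_NO_OID: OID is encoded with the name; otherwise the name was exported without an OID and mech is used */`. It would also help to confirm that gssEapImportNameInternal leaves `mechanismUsed` empty when `EXPORT_NAME_FLAG_OID` is clear, since the canonicalize call writes into that field; that function is not shown here. The enclosing block opens outside the hunk.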
return GSS_S_COMPLETE;
}
-static OM_uint32
+OM_uint32
gssEapImportContext(OM_uint32 *minor,
gss_buffer_t token,
gss_ctx_id_t ctx)
if (GSS_ERROR(major))
return major;
- major = importName(minor, &p, &remain, &ctx->initiatorName);
+ /* Initiator name OID matches the context mechanism, so it's not encoded */
+ major = importName(minor, ctx->mechanismUsed, &p, &remain, &ctx->initiatorName);
if (GSS_ERROR(major))
return major;
- major = importName(minor, &p, &remain, &ctx->acceptorName);
+ major = importName(minor, GSS_C_NO_OID, &p, &remain, &ctx->acceptorName);
if (GSS_ERROR(major))
return major;
if (GSS_ERROR(major))
return major;
+#ifdef GSSEAP_ENABLE_ACCEPTOR
/*
* The partial context should only be expected for unestablished
* acceptor contexts.
}
#ifdef GSSEAP_DEBUG
- assert(remain == 0);
+ GSSEAP_ASSERT(remain == 0);
#endif
+#endif /* GSSEAP_ENABLE_ACCEPTOR */
major = GSS_S_COMPLETE;
*minor = 0;