Ignore empty realms comparing acceptor name hint

[mech_eap.git] / mech_eap / util_cred.c

diff --git a/mech_eap/util_cred.c b/mech_eap/util_cred.c
index 856c0a5..825bef5 100644 (file)
--- a/mech_eap/util_cred.c
+++ b/mech_eap/util_cred.c
@@ -37,9 +37,10 @@
 #include "gssapiP_eap.h"
 
 #ifdef WIN32
-#include <shlobj.h>
+# include <shlobj.h>     /* may need to use ShFolder.h instead */
+# include <stdio.h>
 #else
-#include <pwd.h>
+# include <pwd.h>
 #endif
 
 OM_uint32
@@ -155,10 +156,10 @@ readStaticIdentityFile(OM_uint32 *minor,
         if (!SUCCEEDED(SHGetFolderPath(NULL,
                                        CSIDL_APPDATA, /* |CSIDL_FLAG_CREATE */
                                        NULL, /* User access token */
-                                       0,
+                                       0,    /* SHGFP_TYPE_CURRENT */
                                        szPath))) {
             major = GSS_S_CRED_UNAVAIL;
-            *minor = GetLastError();
+            *minor = GSSEAP_GET_LAST_ERROR(); /* XXX */
             goto cleanup;
         }
 
@@ -240,13 +241,14 @@ cleanup:
 gss_OID
 gssEapPrimaryMechForCred(gss_cred_id_t cred)
 {
-    gss_OID nameMech = GSS_C_NO_OID;
+    gss_OID credMech = GSS_C_NO_OID;
 
-    if (cred->mechanisms != GSS_C_NO_OID_SET &&
+    if (cred != GSS_C_NO_CREDENTIAL &&
+        cred->mechanisms != GSS_C_NO_OID_SET &&
         cred->mechanisms->count == 1)
-        nameMech = &cred->mechanisms->elements[0];
+        credMech = &cred->mechanisms->elements[0];
 
-    return nameMech;
+    return credMech;
 }
 
 OM_uint32
@@ -306,6 +308,18 @@ gssEapAcquireCred(OM_uint32 *minor,
         GSSEAP_MUTEX_UNLOCK(&desiredName->mutex);
     }
 
+#ifdef GSSEAP_ENABLE_ACCEPTOR
+    if (cred->flags & CRED_FLAG_ACCEPT) {
+        struct rs_context *radContext;
+
+        major = gssEapCreateRadiusContext(minor, cred, &radContext);
+        if (GSS_ERROR(major))
+            goto cleanup;
+
+        rs_context_destroy(radContext);
+    }
+#endif
+
     if (pActualMechs != NULL) {
         major = duplicateOidSet(minor, cred->mechanisms, pActualMechs);
         if (GSS_ERROR(major))
@@ -337,7 +351,7 @@ gssEapCredAvailable(gss_cred_id_t cred, gss_OID mech)
     OM_uint32 minor;
     int present = 0;
 
-    assert(mech != GSS_C_NO_OID);
+    GSSEAP_ASSERT(mech != GSS_C_NO_OID);
 
     if (cred == GSS_C_NO_CREDENTIAL || cred->mechanisms == GSS_C_NO_OID_SET)
         return TRUE;
@@ -540,6 +554,10 @@ gssEapSetCredService(OM_uint32 *minor,
         major = gssEapDuplicateName(minor, target, &newTarget);
         if (GSS_ERROR(major))
             goto cleanup;
+
+        cred->flags |= CRED_FLAG_TARGET;
+    } else {
+        cred->flags &= ~(CRED_FLAG_TARGET);
     }
 
     gssEapReleaseName(&tmpMinor, &cred->target);
@@ -650,7 +668,8 @@ staticIdentityFileResolveInitiatorCred(OM_uint32 *minor, gss_cred_id_t cred)
             isDefaultIdentity = TRUE;
         } else {
             major = gssEapCompareName(minor, cred->name,
-                                      defaultIdentityName, &isDefaultIdentity);
+                                      defaultIdentityName, 0,
+                                      &isDefaultIdentity);
             if (GSS_ERROR(major))
                 goto cleanup;
         }
@@ -713,9 +732,10 @@ gssEapResolveInitiatorCred(OM_uint32 *minor,
         if (major == GSS_S_CRED_UNAVAIL)
 #endif
             major = staticIdentityFileResolveInitiatorCred(minor, resolvedCred);
-        if (GSS_ERROR(major))
+        if (GSS_ERROR(major) && major != GSS_S_CRED_UNAVAIL)
             goto cleanup;
 
+        /* If we have a caller-supplied password, the credential is resolved. */
         if ((resolvedCred->flags & CRED_FLAG_PASSWORD) == 0) {
             major = GSS_S_CRED_UNAVAIL;
             *minor = GSSEAP_NO_DEFAULT_CRED;