/*
- * Copyright (c) 2010, JANET(UK)
+ * Copyright (c) 2011, JANET(UK)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* SUCH DAMAGE.
*/
+/*
+ * General mechanism utility routines.
+ */
+
#include "gssapiP_eap.h"
/*
*/
/*
- * Note: the enctype-less OID is used as the mechanism OID in exported
- * names. There is no public symbol for it. This is consistent with
- * the krb5 mechanism which, whilst known by many OIDs, always uses a
- * canonical OID for exported names. (This OID is also returned by
- * gss_inquire_name.)
+ * Note: the enctype-less OID is used as the mechanism OID in non-
+ * canonicalized exported names.
*/
static gss_OID_desc gssEapMechOids[] = {
/* 1.3.6.1.4.1.5322.22.1 */
gss_OID GSS_EAP_AES128_CTS_HMAC_SHA1_96_MECHANISM = &gssEapMechOids[1];
gss_OID GSS_EAP_AES256_CTS_HMAC_SHA1_96_MECHANISM = &gssEapMechOids[2];
+static int
+internalizeOid(const gss_OID oid,
+ gss_OID *const pInternalizedOid);
+
/*
* Returns TRUE is the OID is a concrete mechanism OID, that is, one
* with a Kerberos enctype as the last element.
for (i = 0; i < mechs->count; i++) {
gss_OID oid = &mechs->elements[i];
- if (!gssEapIsConcreteMechanismOid(oid))
+ if (!gssEapIsConcreteMechanismOid(oid)) {
+ *minor = GSSEAP_WRONG_MECH;
return GSS_S_BAD_MECH;
+ }
}
return GSS_S_COMPLETE;
enctype,
oid);
if (major == GSS_S_COMPLETE) {
- gssEapInternalizeOid(oid, pOid);
+ internalizeOid(oid, pOid);
*pOid = oid;
} else {
GSSEAP_FREE(oid->elements);
major = gss_create_empty_oid_set(minor, mechs);
if (GSS_ERROR(major)) {
- GSSEAP_FREE(etypes); /* XXX */
+ GSSEAP_FREE(etypes);
return major;
}
gss_release_oid(&tmpMinor, &mechOid);
}
- GSSEAP_FREE(etypes); /* XXX */
+ GSSEAP_FREE(etypes);
*minor = 0;
return major;
return GSS_S_BAD_MECH;
}
- if (!gssEapInternalizeOid(&mechs->elements[0], oid)) {
+ if (!internalizeOid(&mechs->elements[0], oid)) {
/* don't double-free if we didn't internalize it */
mechs->elements[0].length = 0;
mechs->elements[0].elements = NULL;
return GSS_S_COMPLETE;
}
-int
-gssEapInternalizeOid(const gss_OID oid,
- gss_OID *const pInternalizedOid)
+static int
+internalizeOid(const gss_OID oid,
+ gss_OID *const pInternalizedOid)
{
int i;
}
if (*pInternalizedOid == GSS_C_NO_OID) {
- if (oidEqual(oid, GSS_EAP_NT_PRINCIPAL_NAME))
- *pInternalizedOid = (const gss_OID)GSS_EAP_NT_PRINCIPAL_NAME;
+ if (oidEqual(oid, GSS_EAP_NT_EAP_NAME))
+ *pInternalizedOid = (const gss_OID)GSS_EAP_NT_EAP_NAME;
}
if (*pInternalizedOid == GSS_C_NO_OID) {
return 1;
}
+OM_uint32
+gssEapReleaseOid(OM_uint32 *minor, gss_OID *oid)
+{
+ gss_OID internalizedOid = GSS_C_NO_OID;
+
+ *minor = 0;
+
+ if (internalizeOid(*oid, &internalizedOid)) {
+ /* OID was internalized, so we can mark it as "freed" */
+ *oid = GSS_C_NO_OID;
+ return GSS_S_COMPLETE;
+ }
+
+ /* we don't know about this OID */
+ return GSS_S_CONTINUE_NEEDED;
+}
+
+OM_uint32
+gssEapCanonicalizeOid(OM_uint32 *minor,
+ const gss_OID oid,
+ OM_uint32 flags,
+ gss_OID *pOid)
+{
+ OM_uint32 major;
+ int mapToNull = 0;
+
+ major = GSS_S_COMPLETE;
+ *minor = 0;
+ *pOid = GSS_C_NULL_OID;
+
+ if (oid == GSS_C_NULL_OID) {
+ if ((flags & OID_FLAG_NULL_VALID) == 0) {
+ *minor = GSSEAP_WRONG_MECH;
+ return GSS_S_BAD_MECH;
+ } else if (flags & OID_FLAG_MAP_NULL_TO_DEFAULT_MECH) {
+ return gssEapDefaultMech(minor, pOid);
+ } else {
+ mapToNull = 1;
+ }
+ } else if (oidEqual(oid, GSS_EAP_MECHANISM)) {
+ if ((flags & OID_FLAG_FAMILY_MECH_VALID) == 0) {
+ *minor = GSSEAP_WRONG_MECH;
+ return GSS_S_BAD_MECH;
+ } else if (flags & OID_FLAG_MAP_FAMILY_MECH_TO_NULL) {
+ mapToNull = 1;
+ }
+ } else if (!gssEapIsConcreteMechanismOid(oid)) {
+ *minor = GSSEAP_WRONG_MECH;
+ return GSS_S_BAD_MECH;
+ }
+
+ if (!mapToNull) {
+ if (!internalizeOid(oid, pOid))
+ major = duplicateOid(minor, oid, pOid);
+ }
+
+ return major;
+}
+
static gss_buffer_desc gssEapSaslMechs[] = {
{ sizeof("EAP") - 1, "EAP", }, /* not used */
{ sizeof("EAP-AES128") - 1, "EAP-AES128" },