define gss_any_t for Heimdal, because it doesn't support it

[mech_eap.orig] / util_name.c

diff --git a/util_name.c b/util_name.c
index 1b729ca..144d26e 100644 (file)
--- a/util_name.c
+++ b/util_name.c
@@ -220,7 +220,6 @@ importServiceName(OM_uint32 *minor,
 
 /*
  * Import an EAP name, possibly appending the default GSS EAP realm,
- * and taking care to avoid appending the default Kerberos realm.
  */
 static OM_uint32
 importEapNameFlags(OM_uint32 *minor,
@@ -251,7 +250,9 @@ importEapNameFlags(OM_uint32 *minor,
 
         /*
          * First, attempt to parse the name on the assumption that it includes
-         * a qualifying realm.
+         * a qualifying realm. This allows us to avoid accidentally appending
+         * the default Kerberos realm to an unqualified name. (A bug in MIT
+         * Kerberos prevents the default realm being set to an empty value.)
          */
         code = krb5_parse_name_flags(krbContext, nameString,
                                      KRB5_PRINCIPAL_PARSE_REQUIRE_REALM, &krbPrinc);
@@ -259,16 +260,11 @@ importEapNameFlags(OM_uint32 *minor,
             char *defaultRealm = NULL;
             int parseFlags = 0;
 
-            /*
-             * We need an explicit appdefaults check because, at least with MIT
-             * Kerberos, setting the context realm to NULL will reset it to the
-             * default Kerberos realm after the second call to get_default_realm.
-             * We want to make sure that the default Kerberos realm does not end
-             * up accidentally appended to an unqualified name.
-             */
+            /* Possibly append the default EAP realm if required */
             if (importFlags & IMPORT_FLAG_DEFAULT_REALM)
                 gssEapGetDefaultRealm(krbContext, &defaultRealm);
 
+            /* If no default realm, leave the realm empty in the parsed name */
             if (defaultRealm == NULL)
                 parseFlags |= KRB5_PRINCIPAL_PARSE_NO_REALM;
 
@@ -709,7 +705,7 @@ gssEapDisplayName(OM_uint32 *minor,
      */
 #ifdef HAVE_HEIMDAL_VERSION
     if (KRB_PRINC_REALM(name->krbPrincipal) == NULL ||
-        KRB_PRINC_REALM(name->krBPrincipal)[0] == '\0')
+        KRB_PRINC_REALM(name->krbPrincipal)[0] == '\0')
 #else
     if (KRB_PRINC_REALM(name->krbPrincipal)->length == 0)
 #endif
@@ -742,3 +738,27 @@ gssEapDisplayName(OM_uint32 *minor,
 
     return GSS_S_COMPLETE;
 }
+
+OM_uint32
+gssEapCompareName(OM_uint32 *minor,
+                  gss_name_t name1,
+                  gss_name_t name2,
+                  int *name_equal)
+{
+    krb5_context krbContext;
+
+    *minor = 0;
+
+    if (name1 == GSS_C_NO_NAME && name2 == GSS_C_NO_NAME) {
+        *name_equal = 1;
+    } else if (name1 != GSS_C_NO_NAME && name2 != GSS_C_NO_NAME) {
+        GSSEAP_KRB_INIT(&krbContext);
+
+        /* krbPrincipal is immutable, so lock not required */
+        *name_equal = krb5_principal_compare(krbContext,
+                                             name1->krbPrincipal,
+                                             name2->krbPrincipal);
+    }
+
+    return GSS_S_COMPLETE;
+}