return GSS_S_CREDENTIALS_EXPIRED if credentials expired
[mech_eap.orig] / util_name.c
index e8c0d66..84478fd 100644 (file)
@@ -226,19 +226,14 @@ importEapNameFlags(OM_uint32 *minor,
     krb5_context krbContext;
     krb5_principal krbPrinc = NULL;
     krb5_error_code code;
+    char *nameString;
 
     GSSEAP_KRB_INIT(&krbContext);
 
     if (nameBuffer == GSS_C_NO_BUFFER) {
-        code = krb5_copy_principal(krbContext,
-                                   krbAnonymousPrincipal(), &krbPrinc);
-        if (code != 0) {
-            *minor = code;
-            return GSS_S_FAILURE;
-        }
+        nameString = "";
+        code = KRB5_PARSE_MALFORMED;
     } else {
-        char *nameString;
-
         major = bufferToString(minor, nameBuffer, &nameString);
         if (GSS_ERROR(major))
             return major;
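Review bot: `nameString = "";` points a non-const `char *` at a string literal and reuses `KRB5_PARSE_MALFORMED` as a control-flow sentinel, and neither is explained at the assignment. The literal must never reach `GSSEAP_FREE`, which the next hunk guards only by re-testing `nameBuffer`, so the ownership rule is implicit. I would add a comment above the two added lines: `/* No name supplied: send an empty string through the fallback parse below; the literal is static and must not be freed */`. importEapNameFlags starts before this hunk and continues past it.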
@@ -251,38 +246,40 @@ importEapNameFlags(OM_uint32 *minor,
          */
         code = krb5_parse_name_flags(krbContext, nameString,
                                      KRB5_PRINCIPAL_PARSE_REQUIRE_REALM, &krbPrinc);
-        if (code == KRB5_PARSE_MALFORMED) {
-            char *defaultRealm = NULL;
-            int parseFlags = 0;
+    }
+
+    if (code == KRB5_PARSE_MALFORMED) {
+        char *defaultRealm = NULL;
+        int parseFlags = 0;
 
-            /* Possibly append the default EAP realm if required */
-            if (importFlags & IMPORT_FLAG_DEFAULT_REALM)
-                defaultRealm = gssEapGetDefaultRealm(krbContext);
+        /* Possibly append the default EAP realm if required */
+        if (importFlags & IMPORT_FLAG_DEFAULT_REALM)
+            defaultRealm = gssEapGetDefaultRealm(krbContext);
 
-            /* If no default realm, leave the realm empty in the parsed name */
-            if (defaultRealm == NULL || defaultRealm[0] == '\0')
-                parseFlags |= KRB5_PRINCIPAL_PARSE_NO_REALM;
+        /* If no default realm, leave the realm empty in the parsed name */
+        if (defaultRealm == NULL || defaultRealm[0] == '\0')
+            parseFlags |= KRB5_PRINCIPAL_PARSE_NO_REALM;
 
-            code = krb5_parse_name_flags(krbContext, nameString, parseFlags, &krbPrinc);
+        code = krb5_parse_name_flags(krbContext, nameString, parseFlags, &krbPrinc);
 
 #ifdef HAVE_HEIMDAL_VERSION
-            if (code == 0 && KRB_PRINC_REALM(krbPrinc) == NULL) {
-                KRB_PRINC_REALM(krbPrinc) = GSSEAP_CALLOC(1, sizeof(char));
-                if (KRB_PRINC_REALM(krbPrinc) == NULL)
-                    code = ENOMEM;
-            }
+        if (code == 0 && KRB_PRINC_REALM(krbPrinc) == NULL) {
+            KRB_PRINC_REALM(krbPrinc) = GSSEAP_CALLOC(1, sizeof(char));
+            if (KRB_PRINC_REALM(krbPrinc) == NULL)
+                code = ENOMEM;
+        }
 #endif
 
-            if (defaultRealm != NULL)
-                GSSEAP_FREE(defaultRealm);
-        }
+        if (defaultRealm != NULL)
+            GSSEAP_FREE(defaultRealm);
+    }
 
+    if (nameBuffer != GSS_C_NO_BUFFER)
         GSSEAP_FREE(nameString);
 
-        if (code != 0) {
-            *minor = code;
-            return GSS_S_FAILURE;
-        }
+    if (code != 0) {
+        *minor = code;
+        return GSS_S_FAILURE;
     }
 
     assert(krbPrinc != NULL);
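Review bot: In the `HAVE_HEIMDAL_VERSION` block, a failed `GSSEAP_CALLOC` sets `code = ENOMEM` after `krb5_parse_name_flags` has already succeeded, and the `if (code != 0)` exit below it returns `GSS_S_FAILURE` without releasing `krbPrinc`. The principal is leaked on that path. Releasing it at the failure exit closes the gap: `if (krbPrinc != NULL) krb5_free_principal(krbContext, krbPrinc);` placed before `*minor = code;`. The function begins outside this hunk, so any other early exits should be checked for the same pattern.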
@@ -355,8 +352,10 @@ gssEapImportNameInternal(OM_uint32 *minor,
         gss_OID_desc mech;
 
         /* TOK_ID || MECH_OID_LEN || MECH_OID */
-        if (remain < 6)
+        if (remain < 6) {
+            *minor = GSSEAP_BAD_NAME_TOKEN;
             return GSS_S_BAD_NAME;
+        }
 
         if (flags & EXPORT_NAME_FLAG_COMPOSITE)
             tokType = TOK_TYPE_EXPORT_NAME_COMPOSITE;
@@ -364,19 +363,25 @@ gssEapImportNameInternal(OM_uint32 *minor,
             tokType = TOK_TYPE_EXPORT_NAME;
 
         /* TOK_ID */
-        if (load_uint16_be(p) != tokType)
+        if (load_uint16_be(p) != tokType) {
+            *minor = GSSEAP_WRONG_TOK_ID;
             return GSS_S_BAD_NAME;
+        }
         UPDATE_REMAIN(2);
 
         /* MECH_OID_LEN */
         len = load_uint16_be(p);
-        if (len < 2)
+        if (len < 2) {
+            *minor = GSSEAP_BAD_NAME_TOKEN;
             return GSS_S_BAD_NAME;
+        }
         UPDATE_REMAIN(2);
 
         /* MECH_OID */
-        if (p[0] != 0x06)
+        if (p[0] != 0x06) {
+            *minor = GSSEAP_BAD_NAME_TOKEN;
             return GSS_S_BAD_NAME;
+        }
 
         mech.length = p[1];
         mech.elements = &p[2];
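Review bot: `mech.length = p[1]` takes the OID length from the token with no visible comparison against `len` or `remain`, so a token whose inner DER length byte disagrees with MECH_OID_LEN could leave `mech` describing bytes beyond the input. The `remain < 6` check in the previous hunk only guarantees that `p[0]` and `p[1]` are readable. If neither `UPDATE_REMAIN` nor the lines after this hunk enforce it, I would add `if (len > remain || p[1] != len - 2) { *minor = GSSEAP_BAD_NAME_TOKEN; return GSS_S_BAD_NAME; }` before the assignment. gssEapImportNameInternal continues past the hunk, so this needs confirming against the full function.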
@@ -551,12 +556,7 @@ gssEapExportNameInternal(OM_uint32 *minor,
     }
     exportedNameLen += 4 + nameBuf.length;
     if (flags & EXPORT_NAME_FLAG_COMPOSITE) {
-        OM_uint32 attrFlags = 0;
-
-        if (flags & EXPORT_NAME_FLAG_DISABLE_LOCAL_ATTRS)
-            attrFlags |= ATTR_FLAG_DISABLE_LOCAL;
-
-        major = gssEapExportAttrContext(minor, name, &attrs, attrFlags);
+        major = gssEapExportAttrContext(minor, name, &attrs);
         if (GSS_ERROR(major))
             goto cleanup;
         exportedNameLen += attrs.length;
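Review bot: With `attrFlags` gone, `EXPORT_NAME_FLAG_DISABLE_LOCAL_ATTRS` in `flags` is now silently ignored on the composite path. A caller that set it to keep local attributes out of an exported name would get them included without any error. If the flag is being retired, this function should reject it explicitly or its definition should be removed in the same change, which is not visible here. Otherwise add a comment at the call, for example `/* local attributes are always exported; EXPORT_NAME_FLAG_DISABLE_LOCAL_ATTRS is no longer honoured */`. The function body starts and ends outside this hunk.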
@@ -733,10 +733,10 @@ gssEapDisplayName(OM_uint32 *minor,
 
     krb5_free_unparsed_name(krbContext, krbName);
 
-    if (KRB_PRINC_TYPE(name->krbPrincipal) == KRB5_NT_WELLKNOWN &&
-        krb5_principal_compare(krbContext,
-                               name->krbPrincipal, krbAnonymousPrincipal())) {
+    if (output_name_buffer->length == 0) {
         name_type = GSS_C_NT_ANONYMOUS;
+    } else if (name->flags & NAME_FLAG_NAI) {
+        name_type = GSS_C_NT_USER_NAME;
     } else {
         name_type = GSS_EAP_NT_EAP_NAME;
     }
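Review bot: Deciding `GSS_C_NT_ANONYMOUS` from `output_name_buffer->length == 0` ties the name type to how the principal was unparsed rather than to the principal itself. A name that unparses with a realm would have a non-zero length and be reported as `GSS_EAP_NT_EAP_NAME` or `GSS_C_NT_USER_NAME`. An empty name imported with `IMPORT_FLAG_DEFAULT_REALM` may be such a case, if that path attaches a realm. Callers that base policy on the returned name type would then see a different answer than with the removed principal comparison. The buffer is filled above the hunk, so I would document the invariant here with `/* an empty display string is the only representation of the anonymous name */` and confirm that the unparse flags used above never emit a realm for it.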