X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=mech_eap%2Finit_sec_context.c;fp=mech_eap%2Finit_sec_context.c;h=9da9f4f7cffd68c4c77a8efdbecaa1e87b0865f5;hb=b4d011c05f7c47579d346a20eb23fbc3b245edd9;hp=fa4d832b48c24b3cb5a5d1b9752e5a6f13dadfd4;hpb=0352b780216895939c8d5c986b1328226ddb8dbe;p=mech_eap.git diff --git a/mech_eap/init_sec_context.c b/mech_eap/init_sec_context.c index fa4d832..9da9f4f 100644 --- a/mech_eap/init_sec_context.c +++ b/mech_eap/init_sec_context.c @@ -562,32 +562,38 @@ eapGssSmInitAcceptorName(OM_uint32 *minor, if (GSS_ERROR(major)) return major; } else if (inputToken != GSS_C_NO_BUFFER) { - /* Accept target name hint from acceptor or verify acceptor*/ - gss_name_t importedName; + OM_uint32 tmpMinor; + gss_name_t nameHint; + int equal; + + /* Accept target name hint from acceptor or verify acceptor */ major = gssEapImportName(minor, inputToken, GSS_C_NT_USER_NAME, ctx->mechanismUsed, - &importedName); + &nameHint); if (GSS_ERROR(major)) return major; - if (ctx->acceptorName) { - /* verify name */ - int equal = 0; - OM_uint32 ignoredMinor = 0; - major = gss_compare_name(minor, importedName, - ctx->acceptorName, &equal); - gss_release_name(&ignoredMinor, &importedName); - if (GSS_ERROR(major)) - return major; - if (!equal) { - *minor = GSSEAP_BAD_CONTEXT_TOKEN; - return GSS_S_DEFECTIVE_TOKEN; - } - } else { - /* accept acceptor name hint */ - ctx->acceptorName = importedName; - importedName = NULL; - } + + if (ctx->acceptorName != GSS_C_NO_NAME) { + /* verify name hint matched asserted acceptor name */ + major = gss_compare_name(minor, nameHint, + ctx->acceptorName, &equal); + if (GSS_ERROR(major)) { + gss_release_name(&tmpMinor, &nameHint); + return major; + } + + gss_release_name(&tmpMinor, &nameHint); + + if (!equal) { + *minor = GSSEAP_BAD_CONTEXT_TOKEN; + return GSS_S_DEFECTIVE_TOKEN; + } + } else { + /* accept acceptor name hint */ + ctx->acceptorName = nameHint; + nameHint = GSS_C_NO_NAME; + } }