X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=mech_eap%2Futil_cred.c;h=746bd616a5019eaca25976b045a7beb2380d2f8b;hb=3d5083e8a273503d6d5233195d2ee7cb2e754e6d;hp=4c8c8c7ec7b3c93536608e4e2bed8fbb8480a2f3;hpb=06e2ee5ccf545c5e63ad0119ccc7e41653641c86;p=mech_eap.orig diff --git a/mech_eap/util_cred.c b/mech_eap/util_cred.c index 4c8c8c7..746bd61 100644 --- a/mech_eap/util_cred.c +++ b/mech_eap/util_cred.c @@ -36,7 +36,12 @@ #include "gssapiP_eap.h" -#include +#ifdef WIN32 +# include /* may need to use ShFolder.h instead */ +# include +#else +# include +#endif OM_uint32 gssEapAllocCred(OM_uint32 *minor, gss_cred_id_t *pCred) @@ -53,7 +58,7 @@ gssEapAllocCred(OM_uint32 *minor, gss_cred_id_t *pCred) } if (GSSEAP_MUTEX_INIT(&cred->mutex) != 0) { - *minor = errno; + *minor = GSSEAP_GET_LAST_ERROR(); gssEapReleaseCred(&tmpMinor, &cred); return GSS_S_FAILURE; } @@ -127,10 +132,13 @@ readStaticIdentityFile(OM_uint32 *minor, { OM_uint32 major, tmpMinor; FILE *fp = NULL; - char pwbuf[BUFSIZ], buf[BUFSIZ]; + char buf[BUFSIZ]; char *ccacheName; - struct passwd *pw = NULL, pwd; int i = 0; +#ifndef WIN32 + struct passwd *pw = NULL, pwd; + char pwbuf[BUFSIZ]; +#endif defaultIdentity->length = 0; defaultIdentity->value = NULL; @@ -142,14 +150,30 @@ readStaticIdentityFile(OM_uint32 *minor, ccacheName = getenv("GSSEAP_IDENTITY"); if (ccacheName == NULL) { +#ifdef WIN32 + TCHAR szPath[MAX_PATH]; + + if (!SUCCEEDED(SHGetFolderPath(NULL, + CSIDL_APPDATA, /* |CSIDL_FLAG_CREATE */ + NULL, /* User access token */ + 0, /* SHGFP_TYPE_CURRENT */ + szPath))) { + major = GSS_S_CRED_UNAVAIL; + *minor = GSSEAP_GET_LAST_ERROR(); /* XXX */ + goto cleanup; + } + + snprintf(buf, sizeof(buf), "%s/.gss_eap_id", szPath); +#else if (getpwuid_r(getuid(), &pwd, pwbuf, sizeof(pwbuf), &pw) != 0 || pw == NULL || pw->pw_dir == NULL) { major = GSS_S_CRED_UNAVAIL; - *minor = errno; + *minor = GSSEAP_GET_LAST_ERROR(); goto cleanup; } snprintf(buf, sizeof(buf), "%s/.gss_eap_id", pw->pw_dir); +#endif /* WIN32 */ ccacheName = buf; } @@ -283,6 +307,18 @@ gssEapAcquireCred(OM_uint32 *minor, GSSEAP_MUTEX_UNLOCK(&desiredName->mutex); } +#ifdef GSSEAP_ENABLE_ACCEPTOR + if (cred->flags & CRED_FLAG_ACCEPT) { + struct rs_context *radContext; + + major = gssEapCreateRadiusContext(minor, cred, &radContext); + if (GSS_ERROR(major)) + goto cleanup; + + rs_context_destroy(radContext); + } +#endif + if (pActualMechs != NULL) { major = duplicateOidSet(minor, cred->mechanisms, pActualMechs); if (GSS_ERROR(major)) @@ -314,7 +350,7 @@ gssEapCredAvailable(gss_cred_id_t cred, gss_OID mech) OM_uint32 minor; int present = 0; - assert(mech != GSS_C_NO_OID); + GSSEAP_ASSERT(mech != GSS_C_NO_OID); if (cred == GSS_C_NO_CREDENTIAL || cred->mechanisms == GSS_C_NO_OID_SET) return TRUE; @@ -499,6 +535,40 @@ cleanup: return major; } +OM_uint32 +gssEapSetCredService(OM_uint32 *minor, + gss_cred_id_t cred, + const gss_name_t target) +{ + OM_uint32 major, tmpMinor; + gss_name_t newTarget = GSS_C_NO_NAME; + + if (cred->flags & CRED_FLAG_RESOLVED) { + major = GSS_S_FAILURE; + *minor = GSSEAP_CRED_RESOLVED; + goto cleanup; + } + + if (target != GSS_C_NO_NAME) { + major = gssEapDuplicateName(minor, target, &newTarget); + if (GSS_ERROR(major)) + goto cleanup; + + cred->flags |= CRED_FLAG_TARGET; + } else { + cred->flags &= ~(CRED_FLAG_TARGET); + } + + gssEapReleaseName(&tmpMinor, &cred->target); + cred->target = newTarget; + + major = GSS_S_COMPLETE; + *minor = 0; + +cleanup: + return major; +} + static OM_uint32 gssEapDuplicateCred(OM_uint32 *minor, const gss_cred_id_t src, @@ -660,9 +730,10 @@ gssEapResolveInitiatorCred(OM_uint32 *minor, if (major == GSS_S_CRED_UNAVAIL) #endif major = staticIdentityFileResolveInitiatorCred(minor, resolvedCred); - if (GSS_ERROR(major)) + if (GSS_ERROR(major) && major != GSS_S_CRED_UNAVAIL) goto cleanup; + /* If we have a caller-supplied password, the credential is resolved. */ if ((resolvedCred->flags & CRED_FLAG_PASSWORD) == 0) { major = GSS_S_CRED_UNAVAIL; *minor = GSSEAP_NO_DEFAULT_CRED;