X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=mech_eap%2Futil_mech.c;h=131ac0b3311fbcffadefe948fbb93e3e1bf78ca6;hb=refs%2Fheads%2Fddf-name;hp=dd0c6646ebe61cfc3b36c60cd65003739097e46c;hpb=9c9534630db1d6235cb27a4247950d459af31495;p=moonshot.git diff --git a/mech_eap/util_mech.c b/mech_eap/util_mech.c index dd0c664..131ac0b 100644 --- a/mech_eap/util_mech.c +++ b/mech_eap/util_mech.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, JANET(UK) + * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -52,11 +52,8 @@ */ /* - * Note: the enctype-less OID is used as the mechanism OID in exported - * names. There is no public symbol for it. This is consistent with - * the krb5 mechanism which, whilst known by many OIDs, always uses a - * canonical OID for exported names. (This OID is also returned by - * gss_inquire_name.) + * Note: the enctype-less OID is used as the mechanism OID in non- + * canonicalized exported names. */ static gss_OID_desc gssEapMechOids[] = { /* 1.3.6.1.4.1.5322.22.1 */ @@ -71,6 +68,10 @@ gss_OID GSS_EAP_MECHANISM = &gssEapMechOids[0]; gss_OID GSS_EAP_AES128_CTS_HMAC_SHA1_96_MECHANISM = &gssEapMechOids[1]; gss_OID GSS_EAP_AES256_CTS_HMAC_SHA1_96_MECHANISM = &gssEapMechOids[2]; +static int +internalizeOid(const gss_OID oid, + gss_OID *const pInternalizedOid); + /* * Returns TRUE is the OID is a concrete mechanism OID, that is, one * with a Kerberos enctype as the last element. @@ -167,7 +168,7 @@ gssEapEnctypeToOid(OM_uint32 *minor, enctype, oid); if (major == GSS_S_COMPLETE) { - gssEapInternalizeOid(oid, pOid); + internalizeOid(oid, pOid); *pOid = oid; } else { GSSEAP_FREE(oid->elements); @@ -195,7 +196,7 @@ gssEapIndicateMechs(OM_uint32 *minor, major = gss_create_empty_oid_set(minor, mechs); if (GSS_ERROR(major)) { - GSSEAP_FREE(etypes); /* XXX */ + GSSEAP_FREE(etypes); return major; } 
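Review bot: In the gssEapEnctypeToOid hunk the return value of `internalizeOid(oid, pOid);` is ignored and `*pOid = oid;` on the next line overwrites whatever it stored, so the call has no visible effect and the caller always receives the heap-allocated OID. That matters for the release path added later in this patch: gssEapReleaseOid relies on internalizeOid, which, as far as the visible lines show, matches with oidEqual (by value), so a heap OID equal to a static entry would be marked as released without ever being freed. Either drop the dead call, or keep the static OID on a match with `if (!internalizeOid(oid, pOid)) *pOid = oid;` and free the temporary the way the else branch does. The allocation of `oid` and the rest of the function lie outside the hunk, so this needs checking against the full body.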
@@ -217,7 +218,7 @@ gssEapIndicateMechs(OM_uint32 *minor, gss_release_oid(&tmpMinor, &mechOid); } - GSSEAP_FREE(etypes); /* XXX */ + GSSEAP_FREE(etypes); *minor = 0; return major; @@ -240,7 +241,7 @@ gssEapDefaultMech(OM_uint32 *minor, return GSS_S_BAD_MECH; } - if (!gssEapInternalizeOid(&mechs->elements[0], oid)) { + if (!internalizeOid(&mechs->elements[0], oid)) { /* don't double-free if we didn't internalize it */ mechs->elements[0].length = 0; mechs->elements[0].elements = NULL; @@ -252,9 +253,9 @@ gssEapDefaultMech(OM_uint32 *minor, return GSS_S_COMPLETE; } -int -gssEapInternalizeOid(const gss_OID oid, - gss_OID *const pInternalizedOid) +static int +internalizeOid(const gss_OID oid, + gss_OID *const pInternalizedOid) { int i; @@ -270,8 +271,8 @@ gssEapInternalizeOid(const gss_OID oid, } if (*pInternalizedOid == GSS_C_NO_OID) { - if (oidEqual(oid, GSS_EAP_NT_PRINCIPAL_NAME)) - *pInternalizedOid = (const gss_OID)GSS_EAP_NT_PRINCIPAL_NAME; + if (oidEqual(oid, GSS_EAP_NT_EAP_NAME)) + *pInternalizedOid = (const gss_OID)GSS_EAP_NT_EAP_NAME; } if (*pInternalizedOid == GSS_C_NO_OID) { 
@@ -282,6 +283,65 @@ gssEapInternalizeOid(const gss_OID oid, return 1; } +OM_uint32 +gssEapReleaseOid(OM_uint32 *minor, gss_OID *oid) +{ + gss_OID internalizedOid = GSS_C_NO_OID; + + *minor = 0; + + if (internalizeOid(*oid, &internalizedOid)) { + /* OID was internalized, so we can mark it as "freed" */ + *oid = GSS_C_NO_OID; + return GSS_S_COMPLETE; + } + + /* we don't know about this OID */ + return GSS_S_CONTINUE_NEEDED; +} + +OM_uint32 +gssEapCanonicalizeOid(OM_uint32 *minor, + const gss_OID oid, + OM_uint32 flags, + gss_OID *pOid) +{ + OM_uint32 major; + int mapToNull = 0; + + major = GSS_S_COMPLETE; + *minor = 0; + *pOid = GSS_C_NULL_OID; + + if (oid == GSS_C_NULL_OID) { + if ((flags & OID_FLAG_NULL_VALID) == 0) { + *minor = GSSEAP_WRONG_MECH; + return GSS_S_BAD_MECH; + } else if (flags & OID_FLAG_MAP_NULL_TO_DEFAULT_MECH) { + return gssEapDefaultMech(minor, pOid); + } else { + mapToNull = 1; + } + } else if (oidEqual(oid, GSS_EAP_MECHANISM)) { + if ((flags & OID_FLAG_FAMILY_MECH_VALID) == 0) { + *minor = GSSEAP_WRONG_MECH; + return GSS_S_BAD_MECH; + } else if (flags & OID_FLAG_MAP_FAMILY_MECH_TO_NULL) { + mapToNull = 1; + } + } else if (!gssEapIsConcreteMechanismOid(oid)) { + *minor = GSSEAP_WRONG_MECH; + return GSS_S_BAD_MECH; + } + + if (!mapToNull) { + if (!internalizeOid(oid, pOid)) + major = duplicateOid(minor, oid, pOid); + } + + return major; +} + static gss_buffer_desc gssEapSaslMechs[] = { { sizeof("EAP") - 1, "EAP", }, /* not used */ { sizeof("EAP-AES128") - 1, "EAP-AES128" },
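Review bot: gssEapReleaseOid dereferences `oid` and hands `*oid` to internalizeOid with no check for a NULL pointer or for `*oid == GSS_C_NO_OID`. Whether oidEqual tolerates a null OID is not visible here, so a guard such as `if (oid == NULL || *oid == GSS_C_NO_OID) return GSS_S_COMPLETE;` placed after `*minor = 0;` would keep the release path safe regardless. The function also uses `GSS_S_CONTINUE_NEEDED` to mean "not a static OID, the caller must free it", which deserves a header comment: a caller that treats any non-error status as done will leak, and one that frees unconditionally will free static storage. In gssEapCanonicalizeOid, `*pOid` ends up as either a static OID or a duplicateOid() heap copy, so document that the result must be released through a path that consults gssEapReleaseOid first. If internalizeOid leaves `*pOid` aliasing the input on a miss (the "don't double-free" comment in gssEapDefaultMech suggests it may), a failing duplicateOid could return an error with `*pOid` still pointing at caller-owned memory, so consider adding `if (GSS_ERROR(major)) *pOid = GSS_C_NO_OID;` after that call.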