X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=mech_eap%2Futil_mech.c;h=7343b310fd8d02e6b44bd80f73c6ebce480971ca;hb=a4a91192e39832457581c00a484ae567b2f7e30f;hp=1b554c521bde3193767d28fe8f62650367efaf73;hpb=a6d2f06389ab7e5f95403d9223f651e34fbad66e;p=moonshot.git
diff --git a/mech_eap/util_mech.c b/mech_eap/util_mech.c
index 1b554c5..7343b31 100644
--- a/mech_eap/util_mech.c
+++ b/mech_eap/util_mech.c
@@ -30,11 +30,15 @@
 * SUCH DAMAGE.
 */
 
+/*
+ * General mechanism utility routines.
+ */
+
 #include "gssapiP_eap.h"
 
 /*
 * 1.3.6.1.4.1.5322(padl)
- * gssEap(21)
+ * gssEap(22)
 * mechanisms(1)
 * eap-aes128-cts-hmac-sha1-96(17)
 * eap-aes256-cts-hmac-sha1-96(18)
@@ -47,19 +51,30 @@
 * mechInvoke(5)
 */
 
+/*
+ * Note: the enctype-less OID is used as the mechanism OID in exported
+ * names. There is no public symbol for it. This is consistent with
+ * the krb5 mechanism which, whilst known by many OIDs, always uses a
+ * canonical OID for exported names. (This OID is also returned by
+ * gss_inquire_name.)
+ */
 static gss_OID_desc gssEapMechOids[] = {
- /* 1.3.6.1.4.1.5322.21.1 */
- { 9, "\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01" },
- /* 1.3.6.1.4.1.5322.21.1.17 */
- { 10, "\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x11" },
- /* 1.3.6.1.4.1.5322.21.1.18 */
- { 10, "\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x12" }
+ /* 1.3.6.1.4.1.5322.22.1 */
+ { 9, "\x2B\x06\x01\x04\x01\xA9\x4A\x16\x01" },
+ /* 1.3.6.1.4.1.5322.22.1.17 */
+ { 10, "\x2B\x06\x01\x04\x01\xA9\x4A\x16\x01\x11" },
+ /* 1.3.6.1.4.1.5322.22.1.18 */
+ { 10, "\x2B\x06\x01\x04\x01\xA9\x4A\x16\x01\x12" }
 };
 
 gss_OID GSS_EAP_MECHANISM = &gssEapMechOids[0];
 gss_OID GSS_EAP_AES128_CTS_HMAC_SHA1_96_MECHANISM = &gssEapMechOids[1];
 gss_OID GSS_EAP_AES256_CTS_HMAC_SHA1_96_MECHANISM = &gssEapMechOids[2];
 
+/*
+ * Returns TRUE is the OID is a concrete mechanism OID, that is, one
+ * with a Kerberos enctype as the last element.
+ */
 int
 gssEapIsConcreteMechanismOid(const gss_OID oid)
 {
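Review bot: The comment added above gssEapIsConcreteMechanismOid has a typo in its first line, `Returns TRUE is the OID is a concrete mechanism OID`; it should read `Returns TRUE if the OID is a concrete mechanism OID, that is, one with a Kerberos enctype as the last element.` The function's body is outside the hunk. The new note above gssEapMechOids would also be a good place to state that entry 0 is that enctype-less OID and that the concrete entries are looked up by position from a parallel SASL-name table later in the file, since the index-based lookups there depend on the two tables staying aligned.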
@@ -76,6 +91,9 @@ gssEapIsMechanismOid(const gss_OID oid)
 gssEapIsConcreteMechanismOid(oid);
 }
 
+/*
+ * Validate that all elements are concrete mechanism OIDs.
+ */
 OM_uint32
 gssEapValidateMechs(OM_uint32 *minor,
 const gss_OID_set mechs)
@@ -91,8 +109,10 @@ gssEapValidateMechs(OM_uint32 *minor,
 for (i = 0; i < mechs->count; i++) {
 gss_OID oid = &mechs->elements[i];
 
- if (!gssEapIsMechanismOid(oid))
+ if (!gssEapIsConcreteMechanismOid(oid)) {
+ *minor = GSSEAP_WRONG_MECH;
 return GSS_S_BAD_MECH;
+ }
 }
 
 return GSS_S_COMPLETE;
@@ -175,7 +195,7 @@ gssEapIndicateMechs(OM_uint32 *minor,
 
 major = gss_create_empty_oid_set(minor, mechs);
 if (GSS_ERROR(major)) {
- GSSEAP_FREE(etypes); /* XXX */
+ GSSEAP_FREE(etypes);
 return major;
 }
 
@@ -197,7 +217,7 @@ gssEapIndicateMechs(OM_uint32 *minor,
 gss_release_oid(&tmpMinor, &mechOid);
 }
 
- GSSEAP_FREE(etypes); /* XXX */
+ GSSEAP_FREE(etypes);
 
 *minor = 0;
 return major;
@@ -262,10 +282,27 @@ gssEapInternalizeOid(const gss_OID oid,
 return 1;
 }
 
+OM_uint32
+gssEapReleaseOid(OM_uint32 *minor, gss_OID *oid)
+{
+ gss_OID internalizedOid = GSS_C_NO_OID;
+
+ *minor = 0;
+
+ if (gssEapInternalizeOid(*oid, &internalizedOid)) {
+ /* OID was internalized, so we can mark it as "freed" */
+ *oid = GSS_C_NO_OID;
+ return GSS_S_COMPLETE;
+ }
+
+ /* we don't know about this OID */
+ return GSS_S_CONTINUE_NEEDED;
+}
+
 static gss_buffer_desc gssEapSaslMechs[] = {
- { sizeof("GS2-EAP"), "GS2-EAP", },
- { sizeof("GS2-EAP-AES128"), "GS2-EAP-AES128" },
- { sizeof("GS2-EAP-AES256"), "GS2-EAP-AES256" },
+ { sizeof("EAP") - 1, "EAP", }, /* not used */
+ { sizeof("EAP-AES128") - 1, "EAP-AES128" },
+ { sizeof("EAP-AES256") - 1, "EAP-AES256" },
 };
 
 gss_buffer_t
@@ -273,7 +310,7 @@ gssEapOidToSaslName(const gss_OID oid)
 {
 size_t i;
 
- for (i = 0; i < sizeof(gssEapMechOids)/sizeof(gssEapMechOids[0]); i++) {
+ for (i = 1; i < sizeof(gssEapMechOids)/sizeof(gssEapMechOids[0]); i++) {
 if (oidEqual(&gssEapMechOids[i], oid))
 return &gssEapSaslMechs[i];
 }
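Review bot: gssEapValidateMechs now sets `*minor` on the failure path, but the success path `return GSS_S_COMPLETE;` in the @@ -91 hunk does not visibly clear it; unless `*minor = 0;` appears earlier in the function (its beginning lies outside the hunk), a caller that inspects minor after GSS_S_COMPLETE reads a stale value, whereas gssEapIndicateMechs in the @@ -197 hunk clears it before returning. Adding `*minor = 0;` immediately before `return GSS_S_COMPLETE;` would make the two consistent. The tightened check also means the enctype-less GSS_EAP_MECHANISM itself is now rejected with GSS_S_BAD_MECH, which is a behaviour change for any caller passing that OID; the comment added above the function should say so, e.g. `The enctype-less mechanism OID is deliberately not accepted here.`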
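Review bot: gssEapReleaseOid dereferences `oid` unconditionally and passes `*oid` straight to gssEapInternalizeOid, so a NULL `oid` or a `*oid` of GSS_C_NO_OID is only safe if that helper tolerates it, which is outside the hunk; a guard `if (oid == NULL || *oid == GSS_C_NO_OID) return GSS_S_COMPLETE;` at the top is cheap insurance. The GSS_S_CONTINUE_NEEDED return also needs a comment on the function, because GSS_ERROR() is false for it and a caller that treats any non-error status as "released" would drop an OID it still owns; something like `Releases an OID handed out by this mechanism: returns GSS_S_COMPLETE if it is one of our static OIDs (nothing to free, *oid is cleared), or GSS_S_CONTINUE_NEEDED if the OID is not ours and the caller must release it itself.` The hunk also leaves `internalizedOid` as a pure out-parameter that is never read, which is worth a one-word comment so it is not mistaken for a leak.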
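Review bot: The loop in gssEapOidToSaslName bounds `i` by the element count of gssEapMechOids but indexes gssEapSaslMechs with it, and gssEapSaslNameToOid (the @@ -286 hunk) does the reverse, so the two static tables are coupled by position and count only by convention, and the new `i = 1` start in both loops silently encodes that entry 0 has no SASL name. A comment on each loop, `/* skip index 0: the enctype-less OID has no SASL name */`, plus a note on gssEapSaslMechs that it must stay index-aligned with gssEapMechOids, would make the dependency explicit; if the build is C11, a `_Static_assert` comparing the two element counts would enforce it. The enclosing functions start outside both hunks.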
@@ -286,7 +323,7 @@ gssEapSaslNameToOid(const gss_buffer_t name)
 {
 size_t i;
 
- for (i = 0; i < sizeof(gssEapSaslMechs)/sizeof(gssEapSaslMechs[0]); i++) {
+ for (i = 1; i < sizeof(gssEapSaslMechs)/sizeof(gssEapSaslMechs[0]); i++) {
 if (bufferEqual(&gssEapSaslMechs[i], name))
 return &gssEapMechOids[i];
 }