X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=mech_eap%2Futil_moonshot.c;h=6d90eb2a176818fda3453f3f1e883930f121a45e;hb=a1264eff395d75645a8ce869839120ea0be8cd58;hp=75db452b93d87c22de0a21f33cd686b1795fa721;hpb=5229ab0c335b489d4c1125e3eb44ef1d6c92fb4e;p=mech_eap.git
diff --git a/mech_eap/util_moonshot.c b/mech_eap/util_moonshot.c
index 75db452..6d90eb2 100644
--- a/mech_eap/util_moonshot.c
+++ b/mech_eap/util_moonshot.c
@@ -41,7 +41,7 @@ libMoonshotMapError(OM_uint32 *minor,
 {
 MoonshotError *error = *pError;
- assert(error != NULL);
+ GSSEAP_ASSERT(error != NULL);
 switch (error->code) {
 case MOONSHOT_ERROR_UNABLE_TO_START_SERVICE:
@@ -129,10 +129,19 @@ cleanup:
 return major;
 }
+static int stringEmpty(const char * s)
+{
+ if (s == NULL)
+ return 1;
+ if (strlen(s) > 0)
+ return 0;
+ return 1;
+}
+
 OM_uint32
 libMoonshotResolveInitiatorCred(OM_uint32 *minor,
 gss_cred_id_t cred,
- const gss_name_t targetName)
+ gss_const_name_t targetName)
 {
 OM_uint32 major, tmpMinor;
 gss_OID nameMech = gssEapPrimaryMechForCred(cred);
@@ -148,13 +157,13 @@ libMoonshotResolveInitiatorCred(OM_uint32 *minor,
 MoonshotError *error = NULL;
 if (cred->name != GSS_C_NO_NAME) {
- major = gssEapExportName(minor, cred->name, &initiator);
+ major = gssEapDisplayName(minor, cred->name, &initiator, NULL);
 if (GSS_ERROR(major))
 goto cleanup;
 }
 if (targetName != GSS_C_NO_NAME) {
- major = gssEapExportName(minor, targetName, &target);
+ major = gssEapDisplayName(minor, targetName, &target, NULL);
 if (GSS_ERROR(major))
 goto cleanup;
 }
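Review bot: `stringEmpty` carries no comment saying why an empty string is to be treated like NULL, and the reason is not visible in this hunk (presumably an unset field can come back as "" rather than NULL; confirm against the caller). A one-line comment above the helper such as `/* Treat NULL and "" alike: both mean the field was not supplied. */` would record that. The body can also be written without scanning the whole string, `return s == NULL || s[0] == '\0';`.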
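Review bot: Both calls in libMoonshotResolveInitiatorCred now pass on the display form of `cred->name` and `targetName`, and GSS-API defines display names as text for people rather than a canonical form to compare or select on. What `initiator` and `target` are used for lies outside this hunk; if they are used to select an identity, a comment at the first call should say why display form is the right input, for example `/* consumer expects a printable name, not an exported name token */`. The last argument is `NULL`, so the name type is discarded, and it is worth confirming that nothing later needs to distinguish name types.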
@@ -191,10 +200,11 @@ libMoonshotResolveInitiatorCred(OM_uint32 *minor,
 goto cleanup;
 gss_release_buffer(&tmpMinor, &cred->caCertificate);
+ gss_release_buffer(&tmpMinor, &cred->caCertificateBlob);
 gss_release_buffer(&tmpMinor, &cred->subjectNameConstraint);
 gss_release_buffer(&tmpMinor, &cred->subjectAltNameConstraint);
- if (serverCertificateHash != NULL) {
+ if (!stringEmpty(serverCertificateHash)) {
 size_t len = strlen(serverCertificateHash);
 #define HASH_PREFIX "hash://server/sha256/"
@@ -213,13 +223,38 @@ libMoonshotResolveInitiatorCred(OM_uint32 *minor,
 ((char *)cred->caCertificate.value)[HASH_PREFIX_LEN + len] = '\0';
 cred->caCertificate.length = HASH_PREFIX_LEN + len;
- } else if (caCertificate != NULL) {
- makeStringBufferOrCleanup(caCertificate, &cred->caCertificate);
+ } else if (!stringEmpty(caCertificate)) {
+ void *blobData;
+ ssize_t blobLength;
+ ssize_t maxLength = ((strlen(caCertificate) + 3) / 4) * 3;
+ if (maxLength < 3) {
+ major = GSS_S_FAILURE;
+ *minor = GSSEAP_BAD_CACERTIFICATE;
+ goto cleanup;
+ }
+ blobData = GSSEAP_MALLOC(maxLength);
+ if (blobData == NULL) {
+ major = GSS_S_FAILURE;
+ *minor = ENOMEM;
+ goto cleanup;
+ }
+
+ blobLength = base64Decode(caCertificate, blobData);
+
+ if (blobLength <= 0) {
+ major = GSS_S_DEFECTIVE_CREDENTIAL;
+ *minor = GSSEAP_BAD_CACERTIFICATE;
+ GSSEAP_FREE(blobData);
+ goto cleanup;
+ }
+ cred->caCertificateBlob.value = blobData;
+ cred->caCertificateBlob.length = blobLength;
+ makeStringBufferOrCleanup("blob://ca-cert", &cred->caCertificate);
 }
- if (subjectNameConstraint != NULL)
+ if (!stringEmpty(subjectNameConstraint))
 makeStringBufferOrCleanup(subjectNameConstraint, &cred->subjectNameConstraint);
- if (subjectAltNameConstraint != NULL)
+ if (!stringEmpty(subjectAltNameConstraint))
 makeStringBufferOrCleanup(subjectAltNameConstraint, &cred->subjectAltNameConstraint);
 cleanup:
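Review bot: With `!stringEmpty(serverCertificateHash)` here and `!stringEmpty(caCertificate)` in the next hunk, a reply in which both are empty strings now leaves `cred->caCertificate` released and unset, where the old `!= NULL` tests would still have written a value. How an empty `caCertificate` is treated during server certificate validation is not visible in this diff; if it means that no trust anchor is configured, the credential should not end up in that state silently. Either fail the resolve in that case or state the intended behaviour in a comment before the `if`, for example `/* neither hash nor CA certificate supplied: <intended validation behaviour> */`. The function body starts and ends outside the hunk.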
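Review bot: The `if (maxLength < 3)` guard cannot fire, because the branch is entered only when `stringEmpty(caCertificate)` is false, so `strlen(caCertificate)` is at least 1 and `maxLength` is at least 3. More important, `base64Decode(caCertificate, blobData)` is given no destination size, so the allocation is sufficient only if the decoder never writes more than three bytes per four input characters; its definition is not in this diff. I would drop the dead guard, declare `size_t maxLength`, and put `/* upper bound on decoded size: 3 bytes per 4 base64 characters */` above the allocation once that bound has been confirmed against base64Decode. As written, the two rejection paths also report the same minor `GSSEAP_BAD_CACERTIFICATE` under different majors (`GSS_S_FAILURE` and `GSS_S_DEFECTIVE_CREDENTIAL`).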