X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=util_name.c;h=29b083991e8d5c6897e43b3681970a5f5f5868ae;hb=81378d116795fa8a7a56dc8e00c3b2666126682d;hp=9f0e2197b33c30b3f84b68f38c131185242987e4;hpb=fccb62a45fe5beeb53a8660237e2919760e9e2c2;p=mech_eap.orig diff --git a/util_name.c b/util_name.c index 9f0e219..29b0839 100644 --- a/util_name.c +++ b/util_name.c @@ -57,7 +57,7 @@ static gss_OID_desc gssEapNtPrincipalName = { /* 1.3.6.1.4.1.5322.21.2.1 */ - 12, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x02\x01" + 10, "\x2B\x06\x01\x04\x01\xA9\x4A\x15\x02\x01" }; gss_OID GSS_EAP_NT_PRINCIPAL_NAME = &gssEapNtPrincipalName; @@ -68,7 +68,7 @@ gssEapAllocName(OM_uint32 *minor, gss_name_t *pName) OM_uint32 tmpMinor; gss_name_t name; - assert(*pName == GSS_C_NO_NAME); + *pName = GSS_C_NO_NAME; name = (gss_name_t)GSSEAP_CALLOC(1, sizeof(*name)); if (name == NULL) { @@ -106,8 +106,7 @@ gssEapReleaseName(OM_uint32 *minor, gss_name_t *pName) GSSEAP_KRB_INIT(&krbContext); krb5_free_principal(krbContext, name->krbPrincipal); - radiusFreeAVPs(&tmpMinor, name->avps); - samlFreeAssertion(&tmpMinor, name->assertion); + gssEapReleaseAttrContext(&tmpMinor, name); GSSEAP_MUTEX_DESTROY(&name->mutex); GSSEAP_FREE(name); @@ -138,7 +137,9 @@ krbPrincipalToName(OM_uint32 *minor, name->flags |= NAME_FLAG_SERVICE; } + *pName = name; *minor = 0; + return GSS_S_COMPLETE; } @@ -220,10 +221,10 @@ importExportedName(OM_uint32 *minor, OM_uint32 major, tmpMinor; krb5_context krbContext; unsigned char *p; - int composite = 0; size_t len, remain; gss_buffer_desc buf; enum gss_eap_token_type tok_type; + gss_name_t name = GSS_C_NO_NAME; GSSEAP_KRB_INIT(&krbContext); @@ -233,61 +234,91 @@ importExportedName(OM_uint32 *minor, if (remain < 6 + GSS_EAP_MECHANISM->length + 4) return GSS_S_BAD_NAME; +#define UPDATE_REMAIN(n) do { \ + p += (n); \ + remain -= (n); \ + } while (0) + /* TOK_ID */ tok_type = load_uint16_be(p); if (tok_type != TOK_TYPE_EXPORT_NAME && tok_type != TOK_TYPE_EXPORT_NAME_COMPOSITE) return GSS_S_BAD_NAME; - p += 2; - remain -= 2; + UPDATE_REMAIN(2); /* MECH_OID_LEN */ len = load_uint16_be(p); if (len != 2 + GSS_EAP_MECHANISM->length) return GSS_S_BAD_NAME; - p += 2; - remain -= 2; + UPDATE_REMAIN(2); /* MECH_OID */ if (p[0] != 0x06) return GSS_S_BAD_NAME; if (p[1] != GSS_EAP_MECHANISM->length) return GSS_S_BAD_MECH; - if (memcmp(p, GSS_EAP_MECHANISM->elements, GSS_EAP_MECHANISM->length)) + if (memcmp(&p[2], GSS_EAP_MECHANISM->elements, GSS_EAP_MECHANISM->length)) return GSS_S_BAD_MECH; - p += 2 + GSS_EAP_MECHANISM->length; - remain -= 2 + GSS_EAP_MECHANISM->length; + UPDATE_REMAIN(2 + GSS_EAP_MECHANISM->length); /* NAME_LEN */ len = load_uint32_be(p); - p += 4; + UPDATE_REMAIN(4); - if (remain < len) - return GSS_S_BAD_NAME; +#define CHECK_REMAIN(n) do { \ + if (remain < (n)) { \ + *minor = ERANGE; \ + major = GSS_S_BAD_NAME; \ + goto cleanup; \ + } \ + } while (0) /* NAME */ + CHECK_REMAIN(len); buf.length = len; buf.value = p; + UPDATE_REMAIN(len); + + major = importUserName(minor, &buf, &name); + if (GSS_ERROR(major)) + goto cleanup; - p += len; - remain -= len; + if (tok_type == TOK_TYPE_EXPORT_NAME_COMPOSITE) { + gss_buffer_desc buf; - if (composite == 0 && remain != 0) - return GSS_S_BAD_NAME; + CHECK_REMAIN(4); + name->flags = load_uint32_be(p); + UPDATE_REMAIN(4); - major = importUserName(minor, &buf, pName); - if (GSS_ERROR(major)) - return major; + CHECK_REMAIN(4); + buf.length = load_uint32_be(p); + UPDATE_REMAIN(4); - /* XXX TODO composite handling */ + CHECK_REMAIN(buf.length); + buf.value = p; + UPDATE_REMAIN(buf.length); - return GSS_S_COMPLETE; + major = gssEapImportAttrContext(minor, &buf, name); + if (GSS_ERROR(major)) + goto cleanup; + } + + major = GSS_S_COMPLETE; + +cleanup: + if (GSS_ERROR(major)) + gssEapReleaseName(&tmpMinor, &name); + else + *pName = name; + + return major; } -OM_uint32 gssEapImportName(OM_uint32 *minor, - const gss_buffer_t nameBuffer, - gss_OID nameType, - gss_name_t *name) +OM_uint32 +gssEapImportName(OM_uint32 *minor, + const gss_buffer_t nameBuffer, + gss_OID nameType, + gss_name_t *name) { OM_uint32 major, tmpMinor; @@ -311,16 +342,18 @@ OM_uint32 gssEapImportName(OM_uint32 *minor, return major; } -OM_uint32 gssEapExportName(OM_uint32 *minor, - const gss_name_t name, - gss_buffer_t exportedName, - int composite) +OM_uint32 +gssEapExportName(OM_uint32 *minor, + const gss_name_t name, + gss_buffer_t exportedName, + int composite) { OM_uint32 major = GSS_S_FAILURE, tmpMinor; krb5_context krbContext; char *krbName = NULL; size_t krbNameLen; unsigned char *p; + gss_buffer_desc attrs = GSS_C_EMPTY_BUFFER; exportedName->length = 0; exportedName->value = NULL; @@ -328,25 +361,26 @@ OM_uint32 gssEapExportName(OM_uint32 *minor, GSSEAP_KRB_INIT(&krbContext); GSSEAP_MUTEX_LOCK(&name->mutex); - /* - * Don't export a composite name if we don't have any attributes. - */ - if (composite && !NAME_HAS_ATTRIBUTES(name)) - composite = 0; - *minor = krb5_unparse_name(krbContext, name->krbPrincipal, &krbName); - if (*minor != 0) + if (*minor != 0) { + major = GSS_S_FAILURE; goto cleanup; + } krbNameLen = strlen(krbName); exportedName->length = 6 + GSS_EAP_MECHANISM->length + 4 + krbNameLen; if (composite) { - /* TODO: export SAML/AVP, this is pending specification */ - GSSEAP_NOT_IMPLEMENTED; + exportedName->length += 4; + + major = gssEapExportAttrContext(minor, name, &attrs); + if (GSS_ERROR(major)) + goto cleanup; + exportedName->length += 4 + attrs.length; } exportedName->value = GSSEAP_MALLOC(exportedName->length); if (exportedName->value == NULL) { + major = GSS_S_FAILURE; *minor = ENOMEM; goto cleanup; } @@ -375,14 +409,25 @@ OM_uint32 gssEapExportName(OM_uint32 *minor, memcpy(p, krbName, krbNameLen); p += krbNameLen; + if (composite) { + store_uint32_be(name->flags, p); + p += 4; + + store_uint32_be(attrs.length, p); + memcpy(&p[4], attrs.value, attrs.length); + p += 4 + attrs.length; + } + *minor = 0; major = GSS_S_COMPLETE; cleanup: GSSEAP_MUTEX_UNLOCK(&name->mutex); + gss_release_buffer(&tmpMinor, &attrs); if (GSS_ERROR(major)) gss_release_buffer(&tmpMinor, exportedName); krb5_free_unparsed_name(krbContext, krbName); return major; } +