X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=util_name.c;h=b1475f86bd238a4a974f84f7a665d8d5f7d871a1;hb=163856b1a70d7773c46d4ea5495b85c4dce0f089;hp=cc224b51ec1c3ee9e75bf5ff7855388a6169e786;hpb=b88447b52a835b6bf94de31ab05b48721ff2a33c;p=mech_eap.git
diff --git a/util_name.c b/util_name.c
index cc224b5..b1475f8 100644
--- a/util_name.c
+++ b/util_name.c
@@ -53,6 +53,10 @@
 * or implied warranty.
 */
+/*
+ * Name utility routines.
+ */
+
 #include "gssapiP_eap.h"
 static gss_OID_desc gssEapNtPrincipalName = {
@@ -94,6 +98,8 @@ gssEapReleaseName(OM_uint32 *minor, gss_name_t *pName)
 krb5_context krbContext = NULL;
 OM_uint32 tmpMinor;
+ *minor = 0;
+
 if (pName == NULL) {
 return GSS_S_COMPLETE;
 }
@@ -112,7 +118,6 @@ gssEapReleaseName(OM_uint32 *minor, gss_name_t *pName)
 GSSEAP_FREE(name);
 *pName = NULL;
- *minor = 0;
 return GSS_S_COMPLETE;
 }
@@ -131,10 +136,10 @@ krbPrincipalToName(OM_uint32 *minor,
 name->krbPrincipal = *principal;
 *principal = NULL;
- if (name->krbPrincipal->length == 1) {
- name->flags |= NAME_FLAG_NAI;
- } else {
+ if (KRB_PRINC_LENGTH(name->krbPrincipal) > 1) {
 name->flags |= NAME_FLAG_SERVICE;
+ } else {
+ name->flags |= NAME_FLAG_NAI;
 }
 *pName = name;
@@ -166,10 +171,10 @@ importServiceName(OM_uint32 *minor,
 }
 /* XXX this is probably NOT what we want to be doing */
- *minor = krb5_sname_to_principal(krbContext, host, service,
- KRB5_NT_SRV_HST, &krbPrinc);
- if (*minor != 0) {
+ if (krb5_sname_to_principal(krbContext, host, service,
+ KRB5_NT_SRV_HST, &krbPrinc) != 0) {
 GSSEAP_FREE(service);
+ *minor = GSSEAP_BAD_SERVICE_NAME;
 return GSS_S_FAILURE;
 }
@@ -196,7 +201,7 @@ importUserName(OM_uint32 *minor,
 if (nameBuffer == GSS_C_NO_BUFFER) {
 *minor = krb5_copy_principal(krbContext,
- krb5_anonymous_principal(), &krbPrinc);
+ krbAnonymousPrincipal(), &krbPrinc);
 if (*minor != 0)
 return GSS_S_FAILURE;
 } else {
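Review bot: In the krbPrincipalToName hunk, the new test `KRB_PRINC_LENGTH(name->krbPrincipal) > 1` flags every multi-component principal as NAME_FLAG_SERVICE, and a principal with zero components now takes the NAME_FLAG_NAI branch where the old `length == 1` test sent it to the service branch. If krbAnonymousPrincipal() returns a two-component well-known name (its definition is not visible here), the anonymous names this commit starts importing would be classified as services. A comment stating the intended rule, for example `/* more than one component: host-based service; otherwise an NAI (user) name */`, or an explicit anonymous check ahead of the length test, would make the classification deliberate. The function body starts and ends outside the hunk.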
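Review bot: In the importServiceName hunk, every failure of krb5_sname_to_principal() is now reported as `GSSEAP_BAD_SERVICE_NAME`, so the krb5 error code that the old code returned through `*minor` is discarded. With `KRB5_NT_SRV_HST` the call may canonicalise the host name, so a resolver or configuration failure would presumably look the same as a malformed name to whoever reads the minor status. Consider keeping the result in a local, `krb5_error_code code = krb5_sname_to_principal(...);`, and logging or mapping it before `*minor` is set. The function body starts and ends outside the hunk.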
@@ -220,6 +225,30 @@ importUserName(OM_uint32 *minor,
 return major;
 }
+static OM_uint32
+importAnonymousName(OM_uint32 *minor,
+ const gss_buffer_t nameBuffer,
+ gss_name_t *pName)
+{
+ OM_uint32 major;
+ krb5_context krbContext;
+ krb5_principal krbPrinc;
+
+ GSSEAP_KRB_INIT(&krbContext);
+
+ *minor = krb5_copy_principal(krbContext, krbAnonymousPrincipal(),
+ &krbPrinc);
+ if (*minor != 0)
+ return GSS_S_FAILURE;
+
+ major = krbPrincipalToName(minor, &krbPrinc, pName);
+ if (GSS_ERROR(major)) {
+ krb5_free_principal(krbContext, krbPrinc);
+ }
+
+ return major;
+}
+
 #define UPDATE_REMAIN(n) do { \
 p += (n); \
 remain -= (n); \
@@ -227,8 +256,8 @@ importUserName(OM_uint32 *minor,
 #define CHECK_REMAIN(n) do { \
 if (remain < (n)) { \
- *minor = ERANGE; \
 major = GSS_S_BAD_NAME; \
+ *minor = GSSEAP_TOK_TRUNC; \
 goto cleanup; \
 } \
 } while (0)
@@ -299,13 +328,8 @@ gssEapImportNameInternal(OM_uint32 *minor,
 if (flags & EXPORT_NAME_FLAG_COMPOSITE) {
 gss_buffer_desc buf;
- CHECK_REMAIN(4);
- buf.length = load_uint32_be(p);
- UPDATE_REMAIN(4);
-
- CHECK_REMAIN(buf.length);
+ buf.length = remain;
 buf.value = p;
- UPDATE_REMAIN(buf.length);
 major = gssEapImportAttrContext(minor, &buf, name);
 if (GSS_ERROR(major))
@@ -313,6 +337,7 @@ gssEapImportNameInternal(OM_uint32 *minor,
 }
 major = GSS_S_COMPLETE;
+ *minor = 0;
 cleanup:
 if (GSS_ERROR(major))
@@ -360,6 +385,7 @@ gssEapImportName(OM_uint32 *minor,
 { GSS_EAP_NT_PRINCIPAL_NAME, importUserName },
 { GSS_C_NT_HOSTBASED_SERVICE, importServiceName },
 { GSS_C_NT_HOSTBASED_SERVICE_X, importServiceName },
+ { GSS_C_NT_ANONYMOUS, importAnonymousName },
 { GSS_C_NT_EXPORT_NAME, importExportName },
 #ifdef HAVE_GSS_C_NT_COMPOSITE_EXPORT
 { GSS_C_NT_COMPOSITE_EXPORT, importCompositeExportName },
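Review bot: The new importAnonymousName never reads `nameBuffer`, so whatever bytes a caller passes with GSS_C_NT_ANONYMOUS are accepted and silently discarded; if that is intended, a one-line comment such as `/* nameBuffer is ignored: an anonymous name carries no caller-supplied content */` above the copy would say so. The function also lacks a header comment; it should state that the name is built from krbAnonymousPrincipal() and that the copied principal is freed here when krbPrincipalToName() fails. Its body repeats the `GSS_C_NO_BUFFER` branch of importUserName shown in the earlier hunk, which could call this helper instead of duplicating the copy.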
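Review bot: In the gssEapImportNameInternal hunk at old line 299, dropping the 4-byte length prefix means `buf.length = remain` hands every remaining byte of the token to gssEapImportAttrContext(), so the only bounds checking left for the attribute data is whatever that function does internally (not visible here), and trailing bytes can no longer be told apart from attribute bytes. Composite names exported in the previous format, which carried the prefix, would presumably be misparsed rather than rejected. A comment at this point, for example `/* attribute context runs to the end of the token; gssEapImportAttrContext must validate against buf.length */`, together with a note on the format change, would make the new contract explicit. The function continues outside the hunk.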
@@ -423,7 +449,7 @@ gssEapExportNameInternal(OM_uint32 *minor,
 major = gssEapExportAttrContext(minor, name, &attrs);
 if (GSS_ERROR(major))
 goto cleanup;
- exportedNameLen += 4 + attrs.length;
+ exportedNameLen += attrs.length;
 }
 exportedName->value = GSSEAP_MALLOC(exportedNameLen);
@@ -462,13 +488,14 @@ gssEapExportNameInternal(OM_uint32 *minor,
 p += krbNameLen;
 if (flags & EXPORT_NAME_FLAG_COMPOSITE) {
- store_uint32_be(attrs.length, p);
- memcpy(&p[4], attrs.value, attrs.length);
- p += 4 + attrs.length;
+ memcpy(p, attrs.value, attrs.length);
+ p += attrs.length;
 }
- *minor = 0;
+ assert(p == (unsigned char *)exportedName->value + exportedNameLen);
+
 major = GSS_S_COMPLETE;
+ *minor = 0;
 cleanup:
 gss_release_buffer(&tmpMinor, &attrs);
@@ -500,6 +527,8 @@ gssEapDuplicateName(OM_uint32 *minor,
 return major;
 }
+ name->flags = input_name->flags;
+
 *minor = krb5_copy_principal(krbContext, input_name->krbPrincipal, &name->krbPrincipal);
 if (*minor != 0) {
@@ -532,6 +561,7 @@ gssEapDisplayName(OM_uint32 *minor,
 OM_uint32 major;
 krb5_context krbContext;
 char *krbName;
+ gss_OID name_type;
 GSSEAP_KRB_INIT(&krbContext);
@@ -556,8 +586,16 @@ gssEapDisplayName(OM_uint32 *minor,
 krb5_free_unparsed_name(krbContext, krbName);
+ if (KRB_PRINC_TYPE(name->krbPrincipal) == KRB5_NT_WELLKNOWN &&
+ krb5_principal_compare(krbContext,
+ name->krbPrincipal, krbAnonymousPrincipal())) {
+ name_type = GSS_C_NT_ANONYMOUS;
+ } else {
+ name_type = GSS_EAP_NT_PRINCIPAL_NAME;
+ }
+
 if (output_name_type != NULL)
- *output_name_type = GSS_EAP_NT_PRINCIPAL_NAME;
+ *output_name_type = name_type;
 return GSS_S_COMPLETE;
 }
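Review bot: The `assert(p == (unsigned char *)exportedName->value + exportedNameLen)` added in gssEapExportNameInternal (hunk at old line 462) runs after the memcpy calls, so if exportedNameLen were ever computed too small the write past the GSSEAP_MALLOC buffer has already happened by the time it fires, and with NDEBUG defined the check disappears altogether. A failing assert also aborts whatever application has loaded the mechanism. If the invariant is worth enforcing at run time, check the remaining space before each copy and leave through `major = GSS_S_FAILURE; goto cleanup;` with a suitable minor code, keeping the assert as a debug aid only. The function body starts and ends outside the hunk, so the earlier writes and the allocation check are not visible.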
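Review bot: In the gssEapDisplayName hunk, the anonymous test requires `KRB_PRINC_TYPE(name->krbPrincipal) == KRB5_NT_WELLKNOWN` in addition to krb5_principal_compare(), so a principal that matches krbAnonymousPrincipal() by realm and components but carries a different name type would be reported as GSS_EAP_NT_PRINCIPAL_NAME. Whether names that went through export/import or string parsing keep the well-known type is not visible here; if they may not, callers that rely on `output_name_type` to recognise anonymous peers would miss them. Either drop the type test or add a comment explaining why it is needed, for example `/* only a principal of well-known type is reported as anonymous */`. The function body starts outside the hunk.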