const gss_OID mech_type,
gss_name_t *output_name)
{
- if (mech_type != GSS_C_NULL_OID &&
- !gssEapIsMechanismOid(mech_type)) {
+ if (!gssEapIsMechanismOid(mech_type)) {
*minor = 0;
return GSS_S_BAD_MECH;
}
krb5_free_unparsed_name(krbContext, krbName);
- *output_name_type = (gss_OID)GSS_EAP_NT_PRINCIPAL_NAME;
+ *output_name_type = GSS_EAP_NT_PRINCIPAL_NAME;
return GSS_S_COMPLETE;
}
status_string->length = 0;
status_string->value = NULL;
- if (mech_type != GSS_C_NO_OID &&
- !gssEapIsMechanismOid(mech_type)) {
+ if (!gssEapIsMechanismOid(mech_type)) {
return GSS_S_BAD_MECH;
}
const gss_name_t input_name,
gss_buffer_t exported_name)
{
+ if (input_name == GSS_C_NO_NAME) {
+ *minor = EINVAL;
+ return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
+ }
+
return gssEapExportName(minor, input_name, exported_name, 0);
}
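Review bot: The null-name guard added here is repeated verbatim in the composite wrapper at L35-L38, while the same check is deleted from gssEapExportName at L206-L209, so any other internal caller of gssEapExportName now reaches `GSSEAP_MUTEX_LOCK(&name->mutex)` with no guard at all. Either keep the check inside gssEapExportName (it costs nothing there and covers every caller) or put it in one `static` helper that both wrappers call, rather than duplicating the three lines; if the intent is that internal callers are trusted, a one-line comment on gssEapExportName saying `/* caller must have rejected GSS_C_NO_NAME */` would make that contract visible.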
gss_name_t input_name,
gss_buffer_t exported_name)
{
+ if (input_name == GSS_C_NO_NAME) {
+ *minor = EINVAL;
+ return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
+ }
+
return gssEapExportName(minor, input_name, exported_name, 1);
}
extern "C" {
#endif /* __cplusplus */
-extern const gss_OID_desc *const GSS_EAP_MECHANISM;
-extern const gss_OID_desc *const GSS_EAP_AES128_CTS_HMAC_SHA1_96_MECHANISM;
-extern const gss_OID_desc *const GSS_EAP_AES256_CTS_HMAC_SHA1_96_MECHANISM;
+extern gss_OID GSS_EAP_MECHANISM;
+extern gss_OID GSS_EAP_AES128_CTS_HMAC_SHA1_96_MECHANISM;
+extern gss_OID GSS_EAP_AES256_CTS_HMAC_SHA1_96_MECHANISM;
/* name type */
-extern const gss_OID_desc *const GSS_EAP_NT_PRINCIPAL_NAME;
+extern gss_OID GSS_EAP_NT_PRINCIPAL_NAME;
#ifdef __cplusplus
}
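Review bot: Dropping both `const` qualifiers turns the mechanism and name-type OIDs into plain writable globals: `gss_OID` is a pointer to non-const gss_OID_desc, so the pointer can be reassigned and the OID contents can be modified through it from any translation unit, and the compiler will no longer catch either. The same change is made in the definitions at L120-L122 and L137. If the goal is only to avoid the `(gss_OID)` casts at call sites such as L12, `extern gss_OID const GSS_EAP_MECHANISM;` (a const pointer that still converts to `gss_OID`) keeps the pointer from being reassigned while passing cleanly to the GSS-API functions; modification of the pointed-to descriptor would then need to be guarded by keeping the backing arrays `const` and casting once at the boundary, which is the tradeoff the note on the definitions should record.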
gss_OID mechanism,
gss_OID_set *name_types)
{
- GSSEAP_NOT_IMPLEMENTED;
+ OM_uint32 major, tmpMinor;
+
+ if (!gssEapIsMechanismOid(mechanism)) {
+ *minor = 0;
+ return GSS_S_BAD_MECH;
+ }
+
+ major = gss_create_empty_oid_set(minor, name_types);
+ if (GSS_ERROR(major))
+ goto cleanup;
+
+ major = gss_add_oid_set_member(minor, GSS_C_NT_USER_NAME, name_types);
+ if (GSS_ERROR(major))
+ goto cleanup;
+
+ major = gss_add_oid_set_member(minor, GSS_C_NT_HOSTBASED_SERVICE, name_types);
+ if (GSS_ERROR(major))
+ goto cleanup;
+
+ major = gss_add_oid_set_member(minor, GSS_C_NT_EXPORT_NAME, name_types);
+ if (GSS_ERROR(major))
+ goto cleanup;
+
+ major = gss_add_oid_set_member(minor, GSS_EAP_NT_PRINCIPAL_NAME, name_types);
+ if (GSS_ERROR(major))
+ goto cleanup;
+
+cleanup:
+ if (GSS_ERROR(major))
+ gss_release_oid_set(&tmpMinor, name_types);
+
+ return major;
}
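Review bot: `*name_types` is never initialised before the first `goto cleanup` path can reach `gss_release_oid_set(&tmpMinor, name_types)`: if `gss_create_empty_oid_set` fails without writing `*name_types`, the release operates on whatever the caller left there, and the early `return GSS_S_BAD_MECH` at L63 likewise hands back an output parameter the caller cannot safely inspect. Add `*name_types = GSS_C_NO_OID_SET;` as the first statement of the body so every error path leaves a well-defined output. Separately, every `goto cleanup` jumps to a label that immediately follows the last statement, so the gotos are equivalent to falling through; either keep the gotos and drop the trailing `if (GSS_ERROR(major))` test (the label is only reached on error or after the final successful add), or drop the gotos and test `major` once before `cleanup:`.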
/* util_token.c */
enum gss_eap_token_type {
- TOK_TYPE_EAP_RESP = 0x0601,
- TOK_TYPE_EAP_REQ = 0x0602,
- TOK_TYPE_GSS_CB = 0x0603,
- TOK_TYPE_MIC = 0x0404,
- TOK_TYPE_WRAP = 0x0504,
- TOK_TYPE_DELETE = 0x0405,
- TOK_TYPE_NONE = 0xFFFF
+ TOK_TYPE_NONE = 0x0000,
+ TOK_TYPE_EAP_RESP = 0x0601,
+ TOK_TYPE_EAP_REQ = 0x0602,
+ TOK_TYPE_GSS_CB = 0x0603,
+ TOK_TYPE_MIC = 0x0404,
+ TOK_TYPE_WRAP = 0x0504,
+ TOK_TYPE_EXPORT_NAME = 0x0401,
+ TOK_TYPE_EXPORT_NAME_COMPOSITE = 0x0402,
+ TOK_TYPE_DELETE = 0x0405,
};
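Review bot: The two new TOK_ID values carry no comment explaining why they are 0x0401 and 0x0402, yet gssEapImportName (L150-L151) now relies on them being the exact on-the-wire TOK_ID of an exported name. A comment such as `/* RFC 2743 section 3.2 exported name TOK_ID (0x04 0x01) */` on TOK_TYPE_EXPORT_NAME and `/* RFC 6680 composite exported name TOK_ID (0x04 0x02) */` on TOK_TYPE_EXPORT_NAME_COMPOSITE would tie the constants to the specification they must match. The change of TOK_TYPE_NONE from 0xFFFF to 0x0000 is not explained either; if any code compares a wire value against it, a one-line comment stating that 0x0000 is never a valid TOK_ID would justify the new sentinel.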
size_t
{ 12, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x12" }
};
-const gss_OID_desc *const GSS_EAP_MECHANISM =
- &gssEapConcreteMechs[0];
-const gss_OID_desc *const GSS_EAP_AES128_CTS_HMAC_SHA1_96_MECHANISM =
- &gssEapConcreteMechs[1];
-const gss_OID_desc *const GSS_EAP_AES256_CTS_HMAC_SHA1_96_MECHANISM =
- &gssEapConcreteMechs[2];
+gss_OID GSS_EAP_MECHANISM = &gssEapConcreteMechs[0];
+gss_OID GSS_EAP_AES128_CTS_HMAC_SHA1_96_MECHANISM = &gssEapConcreteMechs[1];
+gss_OID GSS_EAP_AES256_CTS_HMAC_SHA1_96_MECHANISM = &gssEapConcreteMechs[2];
int
gssEapIsMechanismOid(const gss_OID oid)
{
- if (oidEqual(oid, GSS_EAP_MECHANISM)) {
+ if (oid == GSS_C_NO_OID) {
+ return TRUE;
+ } else if (oidEqual(oid, GSS_EAP_MECHANISM)) {
return TRUE;
} else if (oid->length > gssEapMechPrefix.length &&
memcmp(oid->elements, gssEapMechPrefix.elements,
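Review bot: The new first branch makes gssEapIsMechanismOid answer TRUE for `GSS_C_NO_OID`, which contradicts the function's name and is the reason the explicit null checks could be removed at L4-L6, L17-L19 and L61. That is the right answer for the inquire entry points, where no OID means "the default mechanism", but any caller that uses this function to validate an OID taken from a peer or from a token would now accept a missing OID; the hunk does not show the other callers, so this is worth documenting at the function rather than assuming. Add a comment above the branch: `/* GSS_C_NO_OID means "default mechanism" and is accepted; callers validating a peer-supplied OID must reject GSS_C_NO_OID first. */`. The remainder of the function, including the prefix comparison begun here, is outside the hunk.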
12, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x02\x01"
};
-const gss_OID_desc *const GSS_EAP_NT_PRINCIPAL_NAME =
- &gssEapNtPrincipalName;
+gss_OID GSS_EAP_NT_PRINCIPAL_NAME = &gssEapNtPrincipalName;
OM_uint32
gssEapAllocName(OM_uint32 *minor, gss_name_t *pName)
int composite = 0;
size_t len, remain;
gss_buffer_desc buf;
+ enum gss_eap_token_type tok_type;
GSSEAP_KRB_INIT(&krbContext);
if (remain < 6 + GSS_EAP_MECHANISM->length + 4)
return GSS_S_BAD_NAME;
- if (*p++ != 0x04)
+ /* TOK_ID */
+ tok_type = load_uint16_be(p);
+ if (tok_type != TOK_TYPE_EXPORT_NAME &&
+ tok_type != TOK_TYPE_EXPORT_NAME_COMPOSITE)
return GSS_S_BAD_NAME;
-
- switch (*p++) {
- case 0x02:
- composite = 1;
- break;
- case 0x01:
- break;
- default:
- return GSS_S_BAD_NAME;
- break;
- }
+ p += 2;
remain -= 2;
+ /* MECH_OID_LEN */
len = load_uint16_be(p);
if (len != 2 + GSS_EAP_MECHANISM->length)
return GSS_S_BAD_NAME;
p += 2;
remain -= 2;
- if (*p++ != 0x06)
+ /* MECH_OID */
+ if (p[0] != 0x06)
return GSS_S_BAD_NAME;
- if (*p++ != GSS_EAP_MECHANISM->length)
+ if (p[1] != GSS_EAP_MECHANISM->length)
return GSS_S_BAD_MECH;
- remain -= 2;
-
if (memcmp(p, GSS_EAP_MECHANISM->elements, GSS_EAP_MECHANISM->length))
return GSS_S_BAD_MECH;
- p += GSS_EAP_MECHANISM->length;
- remain -= GSS_EAP_MECHANISM->length;
+ p += 2 + GSS_EAP_MECHANISM->length;
+ remain -= 2 + GSS_EAP_MECHANISM->length;
+ /* NAME_LEN */
len = load_uint32_be(p);
p += 4;
if (remain < len)
return GSS_S_BAD_NAME;
+ /* NAME */
buf.length = len;
buf.value = p;
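Review bot: The NAME_LEN bounds check at L190 does not account for the four bytes consumed by `p += 4` on the preceding line: `remain` is decremented for the TOK_ID (L165), the MECH_OID_LEN (L171) and the OID (L186), but never for NAME_LEN, so as far as the hunk shows a token whose NAME_LEN equals `remain` passes the check and `buf` then covers four bytes past the end of the input. Insert `remain -= 4;` immediately after `p += 4;` so the comparison is against the bytes actually left. Separately, the removed switch was the only place that set `composite = 1`; the new code checks `tok_type` but never derives `composite` from it, so unless it is assigned later in the function (the body continues beyond this hunk) the variable keeps its initializer of 0 and a composite token is imported as a plain one — `composite = (tok_type == TOK_TYPE_EXPORT_NAME_COMPOSITE);` after the TOK_ID check would restore the old behaviour.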
gss_buffer_t exportedName,
int composite)
{
- OM_uint32 major, tmpMinor;
+ OM_uint32 major = GSS_S_FAILURE, tmpMinor;
krb5_context krbContext;
char *krbName = NULL;
size_t krbNameLen;
exportedName->value = NULL;
GSSEAP_KRB_INIT(&krbContext);
-
- if (name == GSS_C_NO_NAME) {
- *minor = EINVAL;
- return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
- }
-
GSSEAP_MUTEX_LOCK(&name->mutex);
/*
}
*minor = krb5_unparse_name(krbContext, name->krbPrincipal, &krbName);
- if (*minor != 0) {
- major = GSS_S_FAILURE;
+ if (*minor != 0)
goto cleanup;
- }
krbNameLen = strlen(krbName);
exportedName->length = 6 + GSS_EAP_MECHANISM->length + 4 + krbNameLen;
exportedName->value = GSSEAP_MALLOC(exportedName->length);
if (exportedName->value == NULL) {
*minor = ENOMEM;
- major = GSS_S_FAILURE;
goto cleanup;
}
+ /* TOK | MECH_OID_LEN */
p = (unsigned char *)exportedName->value;
- *p++ = 0x04;
- if (composite) {
- *p++ = 0x02;
- } else {
- *p++ = 0x01;
- }
+ store_uint16_be(composite
+ ? TOK_TYPE_EXPORT_NAME_COMPOSITE
+ : TOK_TYPE_EXPORT_NAME,
+ p);
+ p += 2;
store_uint16_be(GSS_EAP_MECHANISM->length + 2, p);
p += 2;
+
+ /* MECH_OID */
*p++ = 0x06;
*p++ = GSS_EAP_MECHANISM->length & 0xff;
memcpy(p, GSS_EAP_MECHANISM->elements, GSS_EAP_MECHANISM->length);
p += GSS_EAP_MECHANISM->length;
+ /* NAME_LEN */
store_uint32_be(krbNameLen, p);
p += 4;
+
+ /* NAME */
memcpy(p, krbName, krbNameLen);
p += krbNameLen;