From: Luke Howard
Date: Wed, 8 Sep 2010 14:04:02 +0000 (+0200)
Subject: gss_compare_name implementation
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=cyrus-sasl.git;a=commitdiff_plain;h=d45266ffeaec916603f1123fbdf34385baa54c0e
gss_compare_name implementation
---
diff --git a/mech_eap/compare_name.c b/mech_eap/compare_name.c
index 0c557f2..65aaa07 100644
--- a/mech_eap/compare_name.c
+++ b/mech_eap/compare_name.c
@@ -39,7 +39,18 @@ gss_compare_name(OM_uint32 *minor,
 int *name_equal)
 {
 OM_uint32 major;
- krb5_context context;
+ krb5_context krbContext;
- GSSEAP_KRB_INIT(&context);
+ GSSEAP_KRB_INIT(&krbContext);
+
+ if (name1 == GSS_C_NO_NAME || name2 == GSS_C_NO_NAME) {
+ *minor = EINVAL;
+ return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
+ }
+
+ *name_equal = krb5_principal_compare(krbContext,
+ name1->krbPrincipal,
+ name2->krbPrincipal);
+
+ return major;
 }
diff --git a/mech_eap/gssapiP_eap.h b/mech_eap/gssapiP_eap.h
index 6ab69df..9442232 100644
--- a/mech_eap/gssapiP_eap.h
+++ b/mech_eap/gssapiP_eap.h
@@ -55,12 +55,15 @@
 /* Kerberos includes */
 #include
+#define NAME_FLAG_SAML 0x00000001
+#define NAME_FLAG_RADIUS 0x00000002
+
 struct gss_name_struct {
- GSSEAP_MUTEX mutex;
+ GSSEAP_MUTEX mutex; /* mutex protecting attributes */
 OM_uint32 flags;
- krb5_principal kerberosName;
- void *aaa;
- void *assertion;
+ krb5_principal krbPrincipal; /* this is immutable */
+ void *saml;
+ void *avps;
 };
 #define CRED_FLAG_INITIATOR 0x00000001
diff --git a/mech_eap/util_crypt.c b/mech_eap/util_crypt.c
index 00a3cb1..481b7fe 100644
--- a/mech_eap/util_crypt.c
+++ b/mech_eap/util_crypt.c
@@ -415,9 +415,12 @@ gssEapDeriveRFC3961Key(OM_uint32 *minor,
 GSSEAP_KRB_INIT(&context);
 kd.contents = NULL;
- prf.data = NULL;
+ kd.length = 0;
 KRB_KEYTYPE(&kd) = enctype;
+ prf.data = NULL;
+ prf.length = 0;
+
 code = krb5_c_keylengths(context, enctype, &keybytes, &keylength);
 if (code != 0) goto cleanup;
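Review bot: `return major;` at the end of the new gss_compare_name body returns a value that is never assigned — `OM_uint32 major;` is declared but nothing in the hunk writes it, so on the success path the caller receives an indeterminate status (undefined behaviour in C) and `*minor` is also left unset. The added GSS_C_NO_NAME guard is right, but the success path should set `*minor = 0;` before the compare and end with `return GSS_S_COMPLETE;`, dropping `major` altogether. A `name_equal == NULL` check returning `GSS_S_CALL_INACCESSIBLE_WRITE` would complete the argument validation, and if a gss_name_t can exist without a principal (not visible here) `krbPrincipal` should be guarded before it is handed to `krb5_principal_compare`. gss_compare_name's parameter list starts before the hunk.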
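Review bot: The new `NAME_FLAG_SAML`/`NAME_FLAG_RADIUS` macros and the renamed `saml`/`avps` members of struct gss_name_struct carry no comment relating them, and the `mutex` comment says it protects "attributes" without naming which fields that covers — presumably `flags`, `saml` and `avps`, since `krbPrincipal` is marked immutable; confirm and state it, e.g. `OM_uint32 flags; /* NAME_FLAG_* bits, guarded by mutex */`. The former `aaa`/`assertion` members are renamed here, but this commit only updates the `kerberosName` user in util_name.c; any other translation unit still touching `aaa` or `assertion` would stop compiling, which cannot be seen from this diff. The `#include` line shows no header name in this rendering, which looks like the angle-bracketed argument was stripped during extraction rather than a change to the file.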
@@ -459,13 +462,17 @@ gssEapDeriveRFC3961Key(OM_uint32 *minor,
 goto cleanup;
 *pKey = kd;
+ kd.contents = NULL;
 cleanup:
- if (code != 0) {
+ if (kd.contents != NULL) {
+ memset(kd.contents, 0, kd.length);
 GSSEAP_FREE(kd.contents);
 }
-
- GSSEAP_FREE(prf.data);
+ if (prf.data != NULL) {
+ memset(prf.data, 0, prf.length);
+ GSSEAP_FREE(prf.data);
+ }
 *minor = code;
 return (*minor == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
diff --git a/mech_eap/util_name.c b/mech_eap/util_name.c
index 97829d5..0d9b198 100644
--- a/mech_eap/util_name.c
+++ b/mech_eap/util_name.c
@@ -73,7 +73,7 @@ gssEapReleaseName(OM_uint32 *minor, gss_name_t *pName)
 }
 krb5_init_context(&kerbCtx);
- krb5_free_principal(kerbCtx, name->kerberosName);
+ krb5_free_principal(kerbCtx, name->krbPrincipal);
 if (kerbCtx != NULL) {
 krb5_free_context(kerbCtx);
 }
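Review bot: The `memset(kd.contents, 0, kd.length)` and `memset(prf.data, 0, prf.length)` added in the cleanup block are each immediately followed by `GSSEAP_FREE` of the same buffer, so an optimizing compiler is entitled to drop them as dead stores and the key material would remain in freed memory; `kd` is the derived key handed back through `*pKey`, and `prf` appears to hold the PRF output it was derived from. Replace the two memsets with a zeroization primitive the optimizer cannot elide — `explicit_bzero`, `memset_s`, or a small helper that writes through a `volatile unsigned char *` — keeping the same `GSSEAP_FREE` calls after it. The hand-off `*pKey = kd; kd.contents = NULL;` correctly stops the success path from scrubbing the caller's key; the scrub also relies on `kd.length` and `prf.length` tracking the allocated sizes, which the allocating code outside this hunk has to maintain (the first hunk only initialises them to 0). gssEapDeriveRFC3961Key starts before the hunk.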
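Review bot: The updated `krb5_free_principal(kerbCtx, name->krbPrincipal);` in gssEapReleaseName runs before the `if (kerbCtx != NULL)` check on the following line, and the `krb5_init_context(&kerbCtx)` return value above it is not examined, so a context-initialisation failure frees the principal through a NULL context. The other files in this commit obtain the context with `GSSEAP_KRB_INIT(&krbContext)`; using that macro here (assuming it handles initialisation failure, which this diff does not show), or checking the `krb5_init_context` return and skipping the free on error, would make the release path consistent with them. gssEapReleaseName starts before the hunk.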