Fixes for Heimdal (macOS) builds from Stefan.
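--- a/mech_eap/import_sec_context.c
+++ b/mech_eap/import_sec_context.c
@@ -106,7 +106,7 @@ gssEapImportPartialContext(OM_uint32 *minor,
 }
 #ifdef GSSEAP_DEBUG
- assert(remain == 0);
+ GSSEAP_ASSERT(remain == 0);
 #endif
 *pBuf = p;
@@ -152,13 +152,19 @@ importKerberosKey(OM_uint32 *minor,
 size_t *pRemain,
 krb5_cksumtype *checksumType,
 krb5_enctype *pEncryptionType,
- krb5_keyblock *key)
+ krb5_keyblock *pKey)
 {
 unsigned char *p = *pBuf;
 size_t remain = *pRemain;
 OM_uint32 encryptionType;
 OM_uint32 length;
- gss_buffer_desc tmp;
+ krb5_context krbContext;
+ krb5_keyblock key;
+ krb5_error_code code;
+
+ GSSEAP_KRB_INIT(&krbContext);
+
+ KRB_KEY_INIT(pKey);
 if (remain < 12) {
 *minor = GSSEAP_TOK_TRUNC;
@@ -179,14 +185,19 @@ importKerberosKey(OM_uint32 *minor,
 return GSS_S_DEFECTIVE_TOKEN;
 }
- if (load_buffer(&p[12], length, &tmp) == NULL) {
- *minor = ENOMEM;
- return GSS_S_FAILURE;
- }
+ if (encryptionType != ENCTYPE_NULL) {
+ KRB_KEY_INIT(&key);
- KRB_KEY_TYPE(key) = encryptionType;
- KRB_KEY_LENGTH(key) = tmp.length;
- KRB_KEY_DATA(key) = (unsigned char *)tmp.value;
+ KRB_KEY_TYPE(&key) = encryptionType;
+ KRB_KEY_LENGTH(&key) = length;
+ KRB_KEY_DATA(&key) = &p[12];
+
+ code = krb5_copy_keyblock_contents(krbContext, &key, pKey);
+ if (code != 0) {
+ *minor = code;
+ return GSS_S_FAILURE;
+ }
+ }
 *pBuf += 12 + length;
 *pRemain -= 12 + length;
@@ -198,11 +209,12 @@ importKerberosKey(OM_uint32 *minor,
 static OM_uint32
 importName(OM_uint32 *minor,
+ gss_OID mech,
 unsigned char **pBuf,
 size_t *pRemain,
 gss_name_t *pName)
 {
- OM_uint32 major;
+ OM_uint32 major, tmpMinor, flags;
 unsigned char *p = *pBuf;
 size_t remain = *pRemain;
 gss_buffer_desc tmp;
@@ -221,10 +233,21 @@ importName(OM_uint32 *minor,
 tmp.value = p + 4;
- major = gssEapImportNameInternal(minor, &tmp, pName,
- EXPORT_NAME_FLAG_COMPOSITE);
+ flags = EXPORT_NAME_FLAG_COMPOSITE;
+ if (mech == GSS_C_NO_OID)
+ flags |= EXPORT_NAME_FLAG_OID;
+
+ major = gssEapImportNameInternal(minor, &tmp, pName, flags);
 if (GSS_ERROR(major))
 return major;
+
+ if ((flags & EXPORT_NAME_FLAG_OID) == 0) {
+ major = gssEapCanonicalizeOid(minor, mech, 0, &(*pName)->mechanismUsed);
+ if (GSS_ERROR(major)) {
+ gssEapReleaseName(&tmpMinor, pName);
+ return major;
+ }
+ }
 }
 *pBuf += 4 + tmp.length;
@@ -234,7 +257,7 @@ importName(OM_uint32 *minor,
 return GSS_S_COMPLETE;
 }
-static OM_uint32
+OM_uint32
 gssEapImportContext(OM_uint32 *minor,
 gss_buffer_t token,
 gss_ctx_id_t ctx)
@@ -277,11 +300,12 @@ gssEapImportContext(OM_uint32 *minor,
 if (GSS_ERROR(major))
 return major;
- major = importName(minor, &p, &remain, &ctx->initiatorName);
+ /* Initiator name OID matches the context mechanism, so it's not encoded */
+ major = importName(minor, ctx->mechanismUsed, &p, &remain, &ctx->initiatorName);
 if (GSS_ERROR(major))
 return major;
- major = importName(minor, &p, &remain, &ctx->acceptorName);
+ major = importName(minor, GSS_C_NO_OID, &p, &remain, &ctx->acceptorName);
 if (GSS_ERROR(major))
 return major;
@@ -319,7 +343,7 @@ gssEapImportContext(OM_uint32 *minor,
 }
 #ifdef GSSEAP_DEBUG
- assert(remain == 0);
+ GSSEAP_ASSERT(remain == 0);
 #endif
 #endif /* GSSEAP_ENABLE_ACCEPTOR */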
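Review bot: In the `encryptionType != ENCTYPE_NULL` branch of importKerberosKey (the hunk at -179/+185), `length` is read from the token and stored with `KRB_KEY_LENGTH(&key) = length;` without being compared against the key size that `encryptionType` requires, so a context token with a mismatched key length appears to be copied into `pKey` unchanged. I would reject it before `krb5_copy_keyblock_contents`, for example `if (length != expectedLen) return GSS_S_DEFECTIVE_TOKEN;` with `*minor` set to the project's malformed-token code, where `expectedLen` is a placeholder for the size the Kerberos library reports for that enctype. MIT and Heimdal expose different calls for that query, so it probably belongs behind a compatibility macro next to the `KRB_KEY_*` helpers. The comparison of `length` against `remain` presumably sits in the lines between the two importKerberosKey hunks, which are not shown here, and the function body starts and ends outside this hunk.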