static void
zeroAndReleasePassword(gss_buffer_t password)
{
+ GSSEAP_ASSERT(password != GSS_C_NO_BUFFER);
+
if (password->value != NULL) {
memset(password->value, 0, password->length);
GSSEAP_FREE(password->value);
gss_release_buffer(&tmpMinor, &cred->radiusConfigFile);
gss_release_buffer(&tmpMinor, &cred->radiusConfigStanza);
gss_release_buffer(&tmpMinor, &cred->caCertificate);
+ gss_release_buffer(&tmpMinor, &cred->caCertificateBlob);
gss_release_buffer(&tmpMinor, &cred->subjectNameConstraint);
gss_release_buffer(&tmpMinor, &cred->subjectAltNameConstraint);
- gss_release_buffer(&tmpMinor, &cred->privateKey);
gss_release_buffer(&tmpMinor, &cred->clientCertificate);
+ gss_release_buffer(&tmpMinor, &cred->privateKey);
#ifdef GSSEAP_ENABLE_REAUTH
if (cred->krbCredCache != NULL) {
static OM_uint32
readStaticIdentityFile(OM_uint32 *minor,
gss_buffer_t defaultIdentity,
- gss_buffer_t defaultPassword,
- gss_buffer_t defaultPrivateKey)
+ gss_buffer_t defaultPassword)
{
OM_uint32 major, tmpMinor;
FILE *fp = NULL;
defaultPassword->value = NULL;
}
- if (defaultPrivateKey != GSS_C_NO_BUFFER) {
- defaultPrivateKey->length = 0;
- defaultPrivateKey->value = NULL;
- }
-
ccacheName = getenv("GSSEAP_IDENTITY");
if (ccacheName == NULL) {
#ifdef WIN32
dst = defaultIdentity;
else if (i == 1)
dst = defaultPassword;
- else if (i == 2)
- dst = defaultPrivateKey;
else
break;
if (GSS_ERROR(major)) {
gss_release_buffer(&tmpMinor, defaultIdentity);
zeroAndReleasePassword(defaultPassword);
- gss_release_buffer(&tmpMinor, defaultPrivateKey);
}
memset(buf, 0, sizeof(buf));
gss_OID
gssEapPrimaryMechForCred(gss_cred_id_t cred)
{
- gss_OID nameMech = GSS_C_NO_OID;
+ gss_OID credMech = GSS_C_NO_OID;
- if (cred->mechanisms != GSS_C_NO_OID_SET &&
+ if (cred != GSS_C_NO_CREDENTIAL &&
+ cred->mechanisms != GSS_C_NO_OID_SET &&
cred->mechanisms->count == 1)
- nameMech = &cred->mechanisms->elements[0];
+ credMech = &cred->mechanisms->elements[0];
- return nameMech;
+ return credMech;
}
OM_uint32
gssEapAcquireCred(OM_uint32 *minor,
- const gss_name_t desiredName,
+ gss_const_name_t desiredName,
OM_uint32 timeReq GSSEAP_UNUSED,
const gss_OID_set desiredMechs,
int credUsage,
goto cleanup;
if (desiredName != GSS_C_NO_NAME) {
- GSSEAP_MUTEX_LOCK(&desiredName->mutex);
+ GSSEAP_MUTEX_LOCK(&((gss_name_t)desiredName)->mutex);
major = gssEapDuplicateName(minor, desiredName, &cred->name);
if (GSS_ERROR(major)) {
- GSSEAP_MUTEX_UNLOCK(&desiredName->mutex);
+ GSSEAP_MUTEX_UNLOCK(&((gss_name_t)desiredName)->mutex);
goto cleanup;
}
- GSSEAP_MUTEX_UNLOCK(&desiredName->mutex);
+ GSSEAP_MUTEX_UNLOCK(&((gss_name_t)desiredName)->mutex);
}
#ifdef GSSEAP_ENABLE_ACCEPTOR
if (GSS_ERROR(major))
gssEapReleaseCred(&tmpMinor, &cred);
+ gssEapTraceStatus("gss_acquire_cred", major, *minor);
+
return major;
}
* lock because mechanisms list is immutable.
*/
int
-gssEapCredAvailable(gss_cred_id_t cred, gss_OID mech)
+gssEapCredAvailable(gss_const_cred_id_t cred, gss_OID mech)
{
OM_uint32 minor;
int present = 0;
*pName = GSS_C_NO_NAME;
- major = readStaticIdentityFile(minor, &defaultIdentity,
- GSS_C_NO_BUFFER, GSS_C_NO_BUFFER);
+ major = readStaticIdentityFile(minor, &defaultIdentity, GSS_C_NO_BUFFER);
if (major == GSS_S_COMPLETE) {
major = gssEapImportName(minor, &defaultIdentity, GSS_C_NT_USER_NAME,
nameMech, pName);
OM_uint32
gssEapSetCredService(OM_uint32 *minor,
gss_cred_id_t cred,
- const gss_name_t target)
+ gss_const_name_t target)
{
OM_uint32 major, tmpMinor;
gss_name_t newTarget = GSS_C_NO_NAME;
duplicateBufferOrCleanup(&src->radiusConfigStanza, &dst->radiusConfigStanza);
if (src->caCertificate.value != NULL)
duplicateBufferOrCleanup(&src->caCertificate, &dst->caCertificate);
+ if (src->caCertificateBlob.value != NULL)
+ duplicateBufferOrCleanup(&src->caCertificateBlob, &dst->caCertificateBlob);
if (src->subjectNameConstraint.value != NULL)
duplicateBufferOrCleanup(&src->subjectNameConstraint, &dst->subjectNameConstraint);
if (src->subjectAltNameConstraint.value != NULL)
duplicateBufferOrCleanup(&src->subjectAltNameConstraint, &dst->subjectAltNameConstraint);
+ if (src->clientCertificate.value != NULL)
+ duplicateBufferOrCleanup(&src->clientCertificate, &dst->clientCertificate);
if (src->privateKey.value != NULL)
duplicateBufferOrCleanup(&src->privateKey, &dst->privateKey);
gss_buffer_desc defaultIdentity = GSS_C_EMPTY_BUFFER;
gss_name_t defaultIdentityName = GSS_C_NO_NAME;
gss_buffer_desc defaultPassword = GSS_C_EMPTY_BUFFER;
- gss_buffer_desc defaultPrivateKey = GSS_C_EMPTY_BUFFER;
int isDefaultIdentity = FALSE;
- major = readStaticIdentityFile(minor, &defaultIdentity,
- &defaultPassword, &defaultPrivateKey);
+ major = readStaticIdentityFile(minor, &defaultIdentity, &defaultPassword);
if (GSS_ERROR(major))
goto cleanup;
isDefaultIdentity = TRUE;
} else {
major = gssEapCompareName(minor, cred->name,
- defaultIdentityName, &isDefaultIdentity);
+ defaultIdentityName, 0,
+ &isDefaultIdentity);
if (GSS_ERROR(major))
goto cleanup;
}
}
- if (isDefaultIdentity) {
- if (defaultPrivateKey.length != 0) {
- major = gssEapSetCredClientCertificate(minor, cred, GSS_C_NO_BUFFER,
- &defaultPrivateKey);
- if (GSS_ERROR(major))
- goto cleanup;
- }
-
- if ((cred->flags & CRED_FLAG_PASSWORD) == 0) {
- major = gssEapSetCredPassword(minor, cred, &defaultPassword);
- if (GSS_ERROR(major))
- goto cleanup;
- }
+ if (isDefaultIdentity &&
+ (cred->flags & CRED_FLAG_PASSWORD) == 0) {
+ major = gssEapSetCredPassword(minor, cred, &defaultPassword);
+ if (GSS_ERROR(major))
+ goto cleanup;
}
cleanup:
gssEapReleaseName(&tmpMinor, &defaultIdentityName);
zeroAndReleasePassword(&defaultPassword);
gss_release_buffer(&tmpMinor, &defaultIdentity);
- gss_release_buffer(&tmpMinor, &defaultPrivateKey);
return major;
}
OM_uint32
gssEapResolveInitiatorCred(OM_uint32 *minor,
const gss_cred_id_t cred,
- const gss_name_t targetName
+ gss_const_name_t targetName
#ifndef HAVE_MOONSHOT_GET_IDENTITY
GSSEAP_UNUSED
#endif
projects / mech_eap.git / blobdiff