static void
zeroAndReleasePassword(gss_buffer_t password)
{
+ GSSEAP_ASSERT(password != GSS_C_NO_BUFFER);
+
if (password->value != NULL) {
memset(password->value, 0, password->length);
GSSEAP_FREE(password->value);
gss_release_buffer(&tmpMinor, &cred->radiusConfigFile);
gss_release_buffer(&tmpMinor, &cred->radiusConfigStanza);
gss_release_buffer(&tmpMinor, &cred->caCertificate);
+ gss_release_buffer(&tmpMinor, &cred->caCertificateBlob);
gss_release_buffer(&tmpMinor, &cred->subjectNameConstraint);
gss_release_buffer(&tmpMinor, &cred->subjectAltNameConstraint);
gss_release_buffer(&tmpMinor, &cred->clientCertificate);
gss_OID
gssEapPrimaryMechForCred(gss_cred_id_t cred)
{
- gss_OID nameMech = GSS_C_NO_OID;
+ gss_OID credMech = GSS_C_NO_OID;
- if (cred->mechanisms != GSS_C_NO_OID_SET &&
+ if (cred != GSS_C_NO_CREDENTIAL &&
+ cred->mechanisms != GSS_C_NO_OID_SET &&
cred->mechanisms->count == 1)
- nameMech = &cred->mechanisms->elements[0];
+ credMech = &cred->mechanisms->elements[0];
- return nameMech;
+ return credMech;
}
OM_uint32
gssEapAcquireCred(OM_uint32 *minor,
- const gss_name_t desiredName,
+ gss_const_name_t desiredName,
OM_uint32 timeReq GSSEAP_UNUSED,
const gss_OID_set desiredMechs,
int credUsage,
goto cleanup;
if (desiredName != GSS_C_NO_NAME) {
- GSSEAP_MUTEX_LOCK(&desiredName->mutex);
+ GSSEAP_MUTEX_LOCK(&((gss_name_t)desiredName)->mutex);
major = gssEapDuplicateName(minor, desiredName, &cred->name);
if (GSS_ERROR(major)) {
- GSSEAP_MUTEX_UNLOCK(&desiredName->mutex);
+ GSSEAP_MUTEX_UNLOCK(&((gss_name_t)desiredName)->mutex);
goto cleanup;
}
- GSSEAP_MUTEX_UNLOCK(&desiredName->mutex);
+ GSSEAP_MUTEX_UNLOCK(&((gss_name_t)desiredName)->mutex);
}
#ifdef GSSEAP_ENABLE_ACCEPTOR
if (GSS_ERROR(major))
gssEapReleaseCred(&tmpMinor, &cred);
+ gssEapTraceStatus("gss_acquire_cred", major, *minor);
+
return major;
}
* lock because mechanisms list is immutable.
*/
int
-gssEapCredAvailable(gss_cred_id_t cred, gss_OID mech)
+gssEapCredAvailable(gss_const_cred_id_t cred, gss_OID mech)
{
OM_uint32 minor;
int present = 0;
OM_uint32
gssEapSetCredService(OM_uint32 *minor,
gss_cred_id_t cred,
- const gss_name_t target)
+ gss_const_name_t target)
{
OM_uint32 major, tmpMinor;
gss_name_t newTarget = GSS_C_NO_NAME;
duplicateBufferOrCleanup(&src->radiusConfigStanza, &dst->radiusConfigStanza);
if (src->caCertificate.value != NULL)
duplicateBufferOrCleanup(&src->caCertificate, &dst->caCertificate);
+ if (src->caCertificateBlob.value != NULL)
+ duplicateBufferOrCleanup(&src->caCertificateBlob, &dst->caCertificateBlob);
if (src->subjectNameConstraint.value != NULL)
duplicateBufferOrCleanup(&src->subjectNameConstraint, &dst->subjectNameConstraint);
if (src->subjectAltNameConstraint.value != NULL)
isDefaultIdentity = TRUE;
} else {
major = gssEapCompareName(minor, cred->name,
- defaultIdentityName, &isDefaultIdentity);
+ defaultIdentityName, 0,
+ &isDefaultIdentity);
if (GSS_ERROR(major))
goto cleanup;
}
OM_uint32
gssEapResolveInitiatorCred(OM_uint32 *minor,
const gss_cred_id_t cred,
- const gss_name_t targetName
+ gss_const_name_t targetName
#ifndef HAVE_MOONSHOT_GET_IDENTITY
GSSEAP_UNUSED
#endif