X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.git;a=blobdiff_plain;f=mech_eap%2Fimport_sec_context.c;h=a0ebb8c716baf0d20cd4d6746b415113be3765cb;hp=56ee8d88914a5df662138d392f6c9729430de1b2;hb=HEAD;hpb=527a687917e60958777a01ca7a458888bee341b8
diff --git a/mech_eap/import_sec_context.c b/mech_eap/import_sec_context.c
index 56ee8d8..a0ebb8c 100644
--- a/mech_eap/import_sec_context.c
+++ b/mech_eap/import_sec_context.c
@@ -152,13 +152,19 @@ importKerberosKey(OM_uint32 *minor,
                   size_t *pRemain,
                   krb5_cksumtype *checksumType,
                   krb5_enctype *pEncryptionType,
-                  krb5_keyblock *key)
+                  krb5_keyblock *pKey)
 {
     unsigned char *p = *pBuf;
     size_t remain = *pRemain;
     OM_uint32 encryptionType;
     OM_uint32 length;
-    gss_buffer_desc tmp;
+    krb5_context krbContext;
+    krb5_keyblock key;
+    krb5_error_code code;
+
+    GSSEAP_KRB_INIT(&krbContext);
+
+    KRB_KEY_INIT(pKey);
 
     if (remain < 12) {
         *minor = GSSEAP_TOK_TRUNC;
@@ -179,14 +185,19 @@ importKerberosKey(OM_uint32 *minor,
         return GSS_S_DEFECTIVE_TOKEN;
     }
 
-    if (load_buffer(&p[12], length, &tmp) == NULL) {
-        *minor = ENOMEM;
-        return GSS_S_FAILURE;
-    }
+    if (encryptionType != ENCTYPE_NULL) {
+        KRB_KEY_INIT(&key);
+
+        KRB_KEY_TYPE(&key) = encryptionType;
+        KRB_KEY_LENGTH(&key) = length;
+        KRB_KEY_DATA(&key) = &p[12];
 
-    KRB_KEY_TYPE(key) = encryptionType;
-    KRB_KEY_LENGTH(key) = tmp.length;
-    KRB_KEY_DATA(key) = (unsigned char *)tmp.value;
+        code = krb5_copy_keyblock_contents(krbContext, &key, pKey);
+        if (code != 0) {
+            *minor = code;
+            return GSS_S_FAILURE;
+        }
+    }
 
     *pBuf += 12 + length;
     *pRemain -= 12 + length;
@@ -198,11 +209,12 @@ importKerberosKey(OM_uint32 *minor,
 
 static OM_uint32
 importName(OM_uint32 *minor,
+           gss_OID mech,
            unsigned char **pBuf,
            size_t *pRemain,
            gss_name_t *pName)
 {
-    OM_uint32 major;
+    OM_uint32 major, tmpMinor, flags;
     unsigned char *p = *pBuf;
     size_t remain = *pRemain;
     gss_buffer_desc tmp;
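Review bot: The ownership contract of the renamed `pKey` parameter is not documented anywhere in the hunk: `*pKey` is now zeroed with `KRB_KEY_INIT(pKey)` before the first early return and, in the following hunk, filled with a private copy rather than an alias into the token, so the caller owns the key contents and must free them on every path, including failure. A comment above the function (its signature starts outside this hunk) would pin that down, e.g. `/* Deserialise a keyblock from the token into *pKey. *pKey is always initialised; on success it holds a private copy the caller must free with krb5_free_keyblock_contents. */`. importKerberosKey's body continues past the end of the hunk.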
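Review bot: `length` is a 32-bit value read from the token and is consumed as `12 + length` in the `*pBuf` and `*pRemain` context lines, so that sum wraps when `length` is within 12 of UINT32_MAX; the bounds check that guards it sits between the two hunks and is not visible here, and if it is written as `remain < 12 + length` it passes for such values and `krb5_copy_keyblock_contents` then reads far past the token. Writing the check in the non-wrapping form `if (length > remain - 12)` (valid because the previous hunk already rejects `remain < 12`) closes that regardless of how the arithmetic is done afterwards. Separately, when `encryptionType == ENCTYPE_NULL` the new code skips the copy but still advances past `length` bytes, so a token carrying key material under a null enctype is silently accepted; unless the code between the hunks already ties a zero length to ENCTYPE_NULL, rejecting `encryptionType == ENCTYPE_NULL && length != 0` with GSS_S_DEFECTIVE_TOKEN would be worth adding. The enctype is also taken from the token unvalidated, which is probably acceptable for a context-import token produced by this library, but `krb5_c_valid_enctype(encryptionType)` is a cheap check before the copy. importKerberosKey's body starts and ends outside the hunk.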
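Review bot: The new `mech` parameter of importName carries a convention that nothing above the signature states — `GSS_C_NO_OID` appears to mean the mechanism OID is expected inside the exported name, while any other value means the name is imported without one and tagged with `mech` afterwards (that handling is in the next hunk). A comment on the function would help a reader of the call sites, e.g. `/* mech: mechanism OID to stamp on the imported name; GSS_C_NO_OID means the OID is encoded in the exported name itself. */`. The added `tmpMinor` local only serves the error path introduced in the next hunk, which is fine but worth a glance when that hunk is read on its own. importName's body continues past the hunk.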
@@ -221,10 +233,21 @@ importName(OM_uint32 *minor, tmp.value = p + 4; - major = gssEapImportNameInternal(minor, &tmp, pName, - EXPORT_NAME_FLAG_COMPOSITE); + flags = EXPORT_NAME_FLAG_COMPOSITE; + if (mech == GSS_C_NO_OID) + flags |= EXPORT_NAME_FLAG_OID; + + major = gssEapImportNameInternal(minor, &tmp, pName, flags); if (GSS_ERROR(major)) return major; + + if ((flags & EXPORT_NAME_FLAG_OID) == 0) { + major = gssEapCanonicalizeOid(minor, mech, 0, &(*pName)->mechanismUsed); + if (GSS_ERROR(major)) { + gssEapReleaseName(&tmpMinor, pName); + return major; + } + } } *pBuf += 4 + tmp.length; @@ -277,11 +300,12 @@ gssEapImportContext(OM_uint32 *minor, if (GSS_ERROR(major)) return major; - major = importName(minor, &p, &remain, &ctx->initiatorName); + /* Initiator name OID matches the context mechanism, so it's not encoded */ + major = importName(minor, ctx->mechanismUsed, &p, &remain, &ctx->initiatorName); if (GSS_ERROR(major)) return major; - major = importName(minor, &p, &remain, &ctx->acceptorName); + major = importName(minor, GSS_C_NO_OID, &p, &remain, &ctx->acceptorName); if (GSS_ERROR(major)) return major;
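Review bot: `gssEapCanonicalizeOid(minor, mech, 0, &(*pName)->mechanismUsed)` writes into `mechanismUsed` without showing what gssEapImportNameInternal left there; since the internal import is called with `flags` lacking `EXPORT_NAME_FLAG_OID` it presumably leaves the field unset, but if it ever allocates a default OID this would leak the previous value, so confirm that against gssEapImportNameInternal. The error path does release the name via `gssEapReleaseName(&tmpMinor, pName)`, which is right; confirm that routine resets `*pName` to GSS_C_NO_NAME, as callers in gssEapImportContext return immediately and may later free a half-built context. A short comment on the `if ((flags & EXPORT_NAME_FLAG_OID) == 0)` branch, e.g. `/* Name was serialised without its OID: inherit the caller-supplied mechanism */`, would make the two cases readable. These lines sit inside a conditional block opened before the hunk, and importName ends after it.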