X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.git;a=blobdiff_plain;f=mech_eap%2Fimport_sec_context.c;h=a0ebb8c716baf0d20cd4d6746b415113be3765cb;hp=d571bca4d0b03acad618957d0c712b1d59c4edb7;hb=HEAD;hpb=10a3b578c38207140378a98c024c03d85941f837 diff --git a/mech_eap/import_sec_context.c b/mech_eap/import_sec_context.c index d571bca..a0ebb8c 100644 --- a/mech_eap/import_sec_context.c +++ b/mech_eap/import_sec_context.c @@ -48,6 +48,7 @@ } \ } while (0) +#ifdef GSSEAP_ENABLE_ACCEPTOR static OM_uint32 gssEapImportPartialContext(OM_uint32 *minor, unsigned char **pBuf, @@ -105,7 +106,7 @@ gssEapImportPartialContext(OM_uint32 *minor, } #ifdef GSSEAP_DEBUG - assert(remain == 0); + GSSEAP_ASSERT(remain == 0); #endif *pBuf = p; @@ -113,6 +114,7 @@ gssEapImportPartialContext(OM_uint32 *minor, return GSS_S_COMPLETE; } +#endif /* GSSEAP_ENABLE_ACCEPTOR */ static OM_uint32 importMechanismOid(OM_uint32 *minor, @@ -150,13 +152,19 @@ importKerberosKey(OM_uint32 *minor, size_t *pRemain, krb5_cksumtype *checksumType, krb5_enctype *pEncryptionType, - krb5_keyblock *key) + krb5_keyblock *pKey) { unsigned char *p = *pBuf; size_t remain = *pRemain; OM_uint32 encryptionType; OM_uint32 length; - gss_buffer_desc tmp; + krb5_context krbContext; + krb5_keyblock key; + krb5_error_code code; + + GSSEAP_KRB_INIT(&krbContext); + + KRB_KEY_INIT(pKey); if (remain < 12) { *minor = GSSEAP_TOK_TRUNC; 
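Review bot: `GSSEAP_KRB_INIT(&krbContext);` is invoked as a bare statement with no status check, and `krbContext` is handed to `krb5_copy_keyblock_contents` in the following hunk; if the macro does not itself return from the function on failure, the copy runs with an uninitialised context, so please confirm the macro's failure semantics or make the outcome explicit at the call site. The reworked contract also deserves a comment on the declaration: `pKey` is initialised empty via `KRB_KEY_INIT(pKey)` on every path, including the `remain < 12` rejection, and presumably only receives an allocated copy of the key material when the token carries a non-null enctype, so the caller owns and must release its contents. importKerberosKey's body continues past this hunk.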
@@ -177,14 +185,19 @@ importKerberosKey(OM_uint32 *minor, return GSS_S_DEFECTIVE_TOKEN; } - if (load_buffer(&p[12], length, &tmp) == NULL) { - *minor = ENOMEM; - return GSS_S_FAILURE; - } + if (encryptionType != ENCTYPE_NULL) { + KRB_KEY_INIT(&key); - KRB_KEY_TYPE(key) = encryptionType; - KRB_KEY_LENGTH(key) = tmp.length; - KRB_KEY_DATA(key) = (unsigned char *)tmp.value; + KRB_KEY_TYPE(&key) = encryptionType; + KRB_KEY_LENGTH(&key) = length; + KRB_KEY_DATA(&key) = &p[12]; + + code = krb5_copy_keyblock_contents(krbContext, &key, pKey); + if (code != 0) { + *minor = code; + return GSS_S_FAILURE; + } + } *pBuf += 12 + length; *pRemain -= 12 + length; @@ -196,11 +209,12 @@ importKerberosKey(OM_uint32 *minor, static OM_uint32 importName(OM_uint32 *minor, + gss_OID mech, unsigned char **pBuf, size_t *pRemain, gss_name_t *pName) { - OM_uint32 major; + OM_uint32 major, tmpMinor, flags; unsigned char *p = *pBuf; size_t remain = *pRemain; gss_buffer_desc tmp; @@ -219,10 +233,21 @@ importName(OM_uint32 *minor, tmp.value = p + 4; - major = gssEapImportNameInternal(minor, &tmp, pName, - EXPORT_NAME_FLAG_COMPOSITE); + flags = EXPORT_NAME_FLAG_COMPOSITE; + if (mech == GSS_C_NO_OID) + flags |= EXPORT_NAME_FLAG_OID; + + major = gssEapImportNameInternal(minor, &tmp, pName, flags); if (GSS_ERROR(major)) return major; + + if ((flags & EXPORT_NAME_FLAG_OID) == 0) { + major = gssEapCanonicalizeOid(minor, mech, 0, &(*pName)->mechanismUsed); + if (GSS_ERROR(major)) { + gssEapReleaseName(&tmpMinor, pName); + return major; + } + } } *pBuf += 4 + tmp.length; @@ -232,7 +257,7 @@ importName(OM_uint32 *minor, return GSS_S_COMPLETE; } -static OM_uint32 +OM_uint32 gssEapImportContext(OM_uint32 *minor, gss_buffer_t token, gss_ctx_id_t ctx) 
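Review bot: The new `if (encryptionType != ENCTYPE_NULL)` branch skips `length` bytes without requiring them to be zero when the enctype is null, so a token can carry an arbitrary payload under ENCTYPE_NULL and still import cleanly; consider `if (encryptionType == ENCTYPE_NULL && length != 0) { *minor = <minor code for malformed key>; return GSS_S_DEFECTIVE_TOKEN; }` ahead of the branch. The enctype value is taken from the wire and stored via `KRB_KEY_TYPE(&key) = encryptionType` with no validation, so an unknown enctype or an enctype/length mismatch is only detected when the key is later used; the bound check of `length` against `remain` appears to sit just above this hunk. Replacing the `load_buffer` allocation with a stack keyblock that aliases `&p[12]` is sound here because only the copy placed in `pKey` outlives the function.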
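Review bot: `if ((flags & EXPORT_NAME_FLAG_OID) == 0)` re-derives the condition set three lines earlier; testing `if (mech != GSS_C_NO_OID)` directly would state the intent and keep the two branches obviously exclusive. The new `mech` parameter is undocumented; a comment on importName such as `/* mech: mechanism OID to assign to the imported name when the exported name omits it; GSS_C_NO_OID means the OID is encoded in the name token */` would explain why the OID is only parsed from the token in the GSS_C_NO_OID case. The literal `0` passed to gssEapCanonicalizeOid is opaque at this call site; if it is a flags argument, a named constant would help. importName's signature and locals are in the preceding hunk.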
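Review bot: Dropping `static` from gssEapImportContext exports it from this translation unit, so it needs a matching prototype in the mechanism's internal header (not visible in this diff) to avoid a missing-prototype warning and keep the new call sites type-checked. Since this makes a parser of interprocess token data reachable from other units, its contract should be stated on that declaration: `ctx` is expected to be a freshly allocated context that the function populates, and `token` is untrusted input that is validated field by field. gssEapImportContext's body continues past this hunk.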
@@ -275,11 +300,12 @@ gssEapImportContext(OM_uint32 *minor, if (GSS_ERROR(major)) return major; - major = importName(minor, &p, &remain, &ctx->initiatorName); + /* Initiator name OID matches the context mechanism, so it's not encoded */ + major = importName(minor, ctx->mechanismUsed, &p, &remain, &ctx->initiatorName); if (GSS_ERROR(major)) return major; - major = importName(minor, &p, &remain, &ctx->acceptorName); + major = importName(minor, GSS_C_NO_OID, &p, &remain, &ctx->acceptorName); if (GSS_ERROR(major)) return major; @@ -304,6 +330,7 @@ gssEapImportContext(OM_uint32 *minor, if (GSS_ERROR(major)) return major; +#ifdef GSSEAP_ENABLE_ACCEPTOR /* * The partial context should only be expected for unestablished * acceptor contexts. @@ -316,8 +343,9 @@ gssEapImportContext(OM_uint32 *minor, } #ifdef GSSEAP_DEBUG - assert(remain == 0); + GSSEAP_ASSERT(remain == 0); #endif +#endif /* GSSEAP_ENABLE_ACCEPTOR */ major = GSS_S_COMPLETE; *minor = 0; @@ -325,7 +353,7 @@ gssEapImportContext(OM_uint32 *minor, return major; } -OM_uint32 +OM_uint32 GSSAPI_CALLCONV gss_import_sec_context(OM_uint32 *minor, gss_buffer_t interprocess_token, gss_ctx_id_t *context_handle)
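Review bot: With the new `#endif /* GSSEAP_ENABLE_ACCEPTOR */` placed after the `GSSEAP_ASSERT(remain == 0)` block, the check that the interprocess token was fully consumed now runs only in acceptor-enabled debug builds; in release builds, and in any initiator-only build, trailing bytes in an imported context token are silently accepted. Because this token arrives from another process via gss_import_sec_context and is parsed field by field, consider an unconditional check after the `#endif`: `if (remain != 0) { *minor = <minor code for trailing data>; return GSS_S_DEFECTIVE_TOKEN; }`, keeping the assertion as a debug aid only. The same debug-only pattern appears in gssEapImportPartialContext in the first file hunk, though that function is itself compiled only for acceptors.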