mech_eap_la_SOURCES = \
accept_sec_context.c \
acquire_cred.c \
+ acquire_cred_ext.c \
acquire_cred_with_password.c \
add_cred.c \
add_cred_with_password.c \
if (ctx->defaultCred == GSS_C_NO_CREDENTIAL) {
major = gssEapAcquireCred(minor,
GSS_C_NO_NAME,
+ GSS_C_NO_OID,
GSS_C_NO_BUFFER,
GSS_C_INDEFINITE,
GSS_C_NO_OID_SET,
gss_OID_set *actual_mechs,
OM_uint32 *time_rec)
{
- return gssEapAcquireCred(minor, desired_name, GSS_C_NO_BUFFER,
- time_req, desired_mechs, cred_usage,
- output_cred_handle, actual_mechs, time_rec);
+ return gssEapAcquireCred(minor,
+ desired_name,
+ GSS_C_NO_OID,
+ GSS_C_NO_BUFFER,
+ time_req,
+ desired_mechs, cred_usage,
+ output_cred_handle,
+ actual_mechs,
+ time_rec);
}
--- /dev/null
+/*
+ * Copyright (c) 2011, JANET(UK)
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of JANET(UK) nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Wrapper for acquiring a credential handle.
+ */
+
+#include "gssapiP_eap.h"
+
+OM_uint32
+gss_acquire_cred_ext
+ (OM_uint32 *minor,
+ const gss_name_t desired_name,
+ gss_const_OID credential_type,
+ const void *credential_data,
+ OM_uint32 time_req,
+ gss_const_OID desired_mech,
+ gss_cred_usage_t cred_usage,
+ gss_cred_id_t *output_cred_handle
+ )
+{
+ OM_uint32 major;
+ gss_OID_set_desc mechs;
+
+ mechs.count = 1;
+ mechs.elements = (gss_OID)desired_mech;
+
+ major = gssEapAcquireCred(minor,
+ desired_name,
+ credential_type,
+ credential_data,
+ time_req,
+ &mechs,
+ cred_usage,
+ output_cred_handle,
+ NULL,
+ NULL);
+
+ return major;
+}
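Review bot: `mechs.count = 1; mechs.elements = (gss_OID)desired_mech;` builds a one-element set even when the caller passes GSS_C_NO_OID, so gssEapAcquireCred receives a set whose only element is a null pointer. Whether the callee dereferences it is not visible here, but any loop over `desiredMechs` would. Passing `desired_mech != GSS_C_NO_OID ? &mechs : GSS_C_NO_OID_SET` in place of `&mechs` would express "no mechanism preference" the same way the context-establishment call sites in this commit do. The cast also drops the const of `gss_const_OID`, which is worth a brief comment saying the set is read-only. The header comment should state that `credential_data` must point to a `gss_buffer_desc` when `credential_type` is the password type, since the `const void *` parameter gives callers no type checking.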
gss_OID_set *actual_mechs,
OM_uint32 *time_rec)
{
- return gssEapAcquireCred(minor, desired_name, password,
- time_req, desired_mechs, cred_usage,
- output_cred_handle, actual_mechs, time_rec);
+ return gssEapAcquireCred(minor,
+ desired_name,
+ &gssEapPasswordCredType,
+ password,
+ time_req,
+ desired_mechs,
+ cred_usage,
+ output_cred_handle,
+ actual_mechs,
+ time_rec);
}
major = gssEapAcquireCred(minor,
desired_name,
+ GSS_C_NO_OID,
GSS_C_NO_BUFFER,
time_req,
&mechs,
major = gssEapAcquireCred(minor,
desired_name,
+ &gssEapPasswordCredType,
password,
time_req,
&mechs,
error_code GSSEAP_CRED_USAGE_MISMATCH, "Credential usage does not match requested usage"
error_code GSSEAP_CRED_MECH_MISMATCH, "Credential is not usable with this mechanism"
error_code GSSEAP_CRED_EXPIRED, "Attributes indicate credentials have expired"
+error_code GSSEAP_BAD_CRED_TYPE, "Bad credential type"
error_code GSSEAP_BAD_CRED_OPTION, "Bad credential option"
error_code GSSEAP_NO_DEFAULT_IDENTITY, "Default credentials identity unavailable"
error_code GSSEAP_NO_DEFAULT_CRED, "Missing default password or other credentials"
+
#
# Wrap/unwrap/PRF errors
#
if (ctx->defaultCred == GSS_C_NO_CREDENTIAL) {
major = gssEapAcquireCred(minor,
GSS_C_NO_NAME,
+ GSS_C_NO_OID,
GSS_C_NO_BUFFER,
time_req,
GSS_C_NO_OID_SET,
gss_accept_sec_context
gss_acquire_cred
+gss_acquire_cred_ext
gss_add_cred
gss_add_cred_with_password
gss_canonicalize_name
OM_uint32 *time_rec);
/* util_cred.c */
+extern const gss_OID_desc gssEapPasswordCredType;
+
OM_uint32 gssEapAllocCred(OM_uint32 *minor, gss_cred_id_t *pCred);
OM_uint32 gssEapReleaseCred(OM_uint32 *minor, gss_cred_id_t *pCred);
OM_uint32
gssEapAcquireCred(OM_uint32 *minor,
const gss_name_t desiredName,
- const gss_buffer_t password,
+ gss_const_OID credType,
+ const void *credData,
OM_uint32 timeReq,
const gss_OID_set desiredMechs,
int cred_usage,
#include <pwd.h>
+const gss_OID_desc gssEapPasswordCredType =
+ { 7, "\x2a\x85\x70\x2b\x0d\x81\x48" };
+
OM_uint32
gssEapAllocCred(OM_uint32 *minor, gss_cred_id_t *pCred)
{
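Review bot: The encoded bytes of `gssEapPasswordCredType` carry no comment naming the OID, which makes the length and DER content hard to audit against the intended registration. The seven bytes appear to decode to 1.2.752.43.13.200, so a comment such as `/* 1.2.752.43.13.200 */` above the definition would let a reader check it. The declared length of 7 matches the number of escaped bytes in the literal.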
OM_uint32
gssEapAcquireCred(OM_uint32 *minor,
const gss_name_t desiredName,
- const gss_buffer_t password,
+ gss_const_OID credType,
+ const void *credData,
OM_uint32 timeReq GSSEAP_UNUSED,
const gss_OID_set desiredMechs,
int credUsage,
gss_name_t defaultIdentityName = GSS_C_NO_NAME;
gss_buffer_desc defaultCreds = GSS_C_EMPTY_BUFFER;
gss_OID nameMech = GSS_C_NO_OID;
+ gss_buffer_t password = GSS_C_NO_BUFFER;
/* XXX TODO validate with changed set_cred_option API */
*pCred = GSS_C_NO_CREDENTIAL;
+ if (credType != GSS_C_NO_OID) {
+ if (oidEqual(credType, &gssEapPasswordCredType)) {
+ password = (gss_buffer_t)credData;
+ } else {
+ major = GSS_S_CRED_UNAVAIL;
+ *minor = GSSEAP_BAD_CRED_TYPE;
+ goto cleanup;
+ }
+ }
+
major = gssEapAllocCred(minor, &cred);
if (GSS_ERROR(major))
goto cleanup;
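Review bot: When `credType` is GSS_C_NO_OID the new block never looks at `credData`, so a caller that supplies credential data without a type silently falls through to default credentials instead of getting an error. Rejecting that combination up front would close the gap: `if (credType == GSS_C_NO_OID && credData != NULL) { major = GSS_S_CRED_UNAVAIL; *minor = GSSEAP_BAD_CRED_TYPE; goto cleanup; }`. In the password branch, `password = (gss_buffer_t)credData;` casts away const and trusts an untyped pointer to be a `gss_buffer_desc`, which deserves a comment stating that contract. The early `goto cleanup` also runs before gssEapAllocCred, so the cleanup path must cope with `cred` not yet being allocated; its declaration and the cleanup label are outside this hunk, so that should be confirmed.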