int *name_equal)
{
OM_uint32 major;
- krb5_context context;
+ krb5_context krbContext;
- GSSEAP_KRB_INIT(&context);
+ GSSEAP_KRB_INIT(&krbContext);
+
+ if (name1 == GSS_C_NO_NAME || name2 == GSS_C_NO_NAME) {
+ *minor = EINVAL;
+ return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
+ }
+
+ *name_equal = krb5_principal_compare(krbContext,
+ name1->krbPrincipal,
+ name2->krbPrincipal);
+
+ return major;
}
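Review bot: The added `return major;` returns a variable that is never assigned anywhere in the hunk (`OM_uint32 major;` is a bare declaration), so on the success path the caller receives an indeterminate GSS status — undefined behaviour in C — and `*minor` is never set to 0; replace it with `*minor = 0;` followed by `return GSS_S_COMPLETE;`, or initialize `major = GSS_S_COMPLETE` at its declaration. The GSS_C_NO_NAME guard is a good addition, but `krb5_principal_compare` is then called on `name1->krbPrincipal` and `name2->krbPrincipal` without checking either for NULL; if a name can carry only `saml`/`avps` data and no Kerberos principal, this dereferences NULL inside libkrb5, so either document that `krbPrincipal` is always populated or add `if (name1->krbPrincipal == NULL || name2->krbPrincipal == NULL) { *name_equal = 0; ... }` before the compare. The enclosing function's signature begins before this hunk.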
/* Kerberos includes */
#include <krb5.h>
+#define NAME_FLAG_SAML 0x00000001
+#define NAME_FLAG_RADIUS 0x00000002
+
struct gss_name_struct {
- GSSEAP_MUTEX mutex;
+ GSSEAP_MUTEX mutex; /* mutex protecting attributes */
OM_uint32 flags;
- krb5_principal kerberosName;
- void *aaa;
- void *assertion;
+ krb5_principal krbPrincipal; /* this is immutable */
+ void *saml;
+ void *avps;
};
#define CRED_FLAG_INITIATOR 0x00000001
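Review bot: `NAME_FLAG_SAML` and `NAME_FLAG_RADIUS` are introduced without any comment saying what state they record, and the new `mutex` comment says it protects "attributes" without naming which fields that covers. Presumably the flags mark that `saml` and `avps` respectively are populated and the mutex guards `flags`, `saml` and `avps` while `krbPrincipal` is immutable — if so, say it: `/* set when saml is populated */`, `/* set when avps is populated */`, and `/* mutex protecting flags, saml and avps; krbPrincipal is immutable */`. Without this a later caller cannot tell whether reading `flags` requires holding the mutex.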
GSSEAP_KRB_INIT(&context);
kd.contents = NULL;
- prf.data = NULL;
+ kd.length = 0;
KRB_KEYTYPE(&kd) = enctype;
+ prf.data = NULL;
+ prf.length = 0;
+
code = krb5_c_keylengths(context, enctype, &keybytes, &keylength);
if (code != 0)
goto cleanup;
goto cleanup;
*pKey = kd;
+ kd.contents = NULL;
cleanup:
- if (code != 0) {
+ if (kd.contents != NULL) {
+ memset(kd.contents, 0, kd.length);
GSSEAP_FREE(kd.contents);
}
-
- GSSEAP_FREE(prf.data);
+ if (prf.data != NULL) {
+ memset(prf.data, 0, prf.length);
+ GSSEAP_FREE(prf.data);
+ }
*minor = code;
return (*minor == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
}
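Review bot: The `memset(kd.contents, 0, kd.length)` and `memset(prf.data, 0, prf.length)` added in the cleanup block are dead stores immediately before `GSSEAP_FREE`, which a compiler is permitted to elide, so derived key material and PRF output can remain in freed heap memory. Use `explicit_bzero`/`memset_s` where available, or route both calls through a project-level zeroing helper that writes via a `volatile unsigned char *` so the stores cannot be removed. The hunk shows `kd.length` and `prf.length` initialized to 0 but not where they are set to the allocated sizes; if any allocation path fills `contents`/`data` without updating `length`, the wipe covers zero bytes — worth confirming against the allocation lines, which, like the function's signature, are outside this hunk.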
krb5_init_context(&kerbCtx);
- krb5_free_principal(kerbCtx, name->kerberosName);
+ krb5_free_principal(kerbCtx, name->krbPrincipal);
if (kerbCtx != NULL) {
krb5_free_context(kerbCtx);
}
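Review bot: The renamed `krb5_free_principal(kerbCtx, name->krbPrincipal)` call uses `kerbCtx` before the `kerbCtx != NULL` check that follows it, and the `krb5_init_context(&kerbCtx)` result on the line above is not checked, so on initialization failure the principal is freed through a NULL or indeterminate context. Guard the use instead of the release: `if (krb5_init_context(&kerbCtx) == 0) { krb5_free_principal(kerbCtx, name->krbPrincipal); krb5_free_context(kerbCtx); }`, or use the same `GSSEAP_KRB_INIT` macro the other hunks use so context acquisition is handled consistently (its failure semantics are not visible here). The enclosing function starts outside the hunk.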