if (GSS_ERROR(major))
return major;
} else if (inputToken != GSS_C_NO_BUFFER) {
- /* Accept target name hint from acceptor or verify acceptor*/
- gss_name_t importedName;
+ OM_uint32 tmpMinor;
+ gss_name_t nameHint;
+ int equal;
+
+ /* Accept target name hint from acceptor or verify acceptor */
major = gssEapImportName(minor, inputToken,
GSS_C_NT_USER_NAME,
ctx->mechanismUsed,
- &importedName);
+ &nameHint);
if (GSS_ERROR(major))
return major;
- if (ctx->acceptorName) {
- /* verify name */
- int equal = 0;
- OM_uint32 ignoredMinor = 0;
- major = gss_compare_name(minor, importedName,
- ctx->acceptorName, &equal);
- gss_release_name(&ignoredMinor, &importedName);
- if (GSS_ERROR(major))
- return major;
- if (!equal) {
- *minor = GSSEAP_BAD_CONTEXT_TOKEN;
- return GSS_S_DEFECTIVE_TOKEN;
- }
- } else {
- /* accept acceptor name hint */
- ctx->acceptorName = importedName;
- importedName = NULL;
- }
+
+ if (ctx->acceptorName != GSS_C_NO_NAME) {
+ /* verify name hint matched asserted acceptor name */
+ major = gss_compare_name(minor, nameHint,
+ ctx->acceptorName, &equal);
+ if (GSS_ERROR(major)) {
+ gss_release_name(&tmpMinor, &nameHint);
+ return major;
+ }
+
+ gss_release_name(&tmpMinor, &nameHint);
+
+ if (!equal) {
+ *minor = GSSEAP_BAD_CONTEXT_TOKEN;
+ return GSS_S_DEFECTIVE_TOKEN;
+ }
+ } else {
+ /* accept acceptor name hint */
+ ctx->acceptorName = nameHint;
+ nameHint = GSS_C_NO_NAME;
+ }
}
#include "gssapiP_eap.h"
/*
- * Many OIDs are taken from 1.3.6.1.4.1.5322(padl)
- * gssEap(22)
- * mechanisms(1) (no longer used)
+ * Mechanism and name types are taken from 1.3.6.1.5.5(mechanisms)
+ * assigned at http://www.iana.org/assignments/smi-numbers
+ *
+ * abfab(15)
+ * mechanisms(1)
* eap-aes128-cts-hmac-sha1-96(17)
* eap-aes256-cts-hmac-sha1-96(18)
- * nameTypes(2) (no longer used)
+ * nameTypes(2)
+ * eap-name(1)
+ *
+ * Implementation-internal OIDs are taken from 1.3.6.1.4.1.5322(padl)
+ * gssEap(22)
* apiExtensions(3)
* inquireSecContextByOid(1)
* inquireCredByOid(2)
* setSecContextOption(3)
* setCredOption(4)
* mechInvoke(5)
- * Mechanisms and name types are now taken from
- * http://www.iana.org/assignments/smi-numbers . See Prefix:
- * iso.org.dod.internet.security.mechanisms.abfab (1.3.6.1.5.5.15)
*/
/*
}
break;
case 0:
- switch (attrid.second) {
- case PW_GSS_ACCEPTOR_SERVICE_NAME:
+ switch (attrid.second) {
+ case PW_GSS_ACCEPTOR_SERVICE_NAME:
case PW_GSS_ACCEPTOR_HOST_NAME:
case PW_GSS_ACCEPTOR_SERVICE_SPECIFICS:
case PW_GSS_ACCEPTOR_REALM_NAME:
bInternalAttribute = true;
- break;
- default:
- break;
- }
- break;
+ break;
+ default:
+ break;
+ }
+ break;
default:
break;
}