fix some build errors
authorLuke Howard <lukeh@padl.com>
Thu, 9 Sep 2010 14:19:29 +0000 (16:19 +0200)
committerLuke Howard <lukeh@padl.com>
Thu, 9 Sep 2010 14:19:29 +0000 (16:19 +0200)
20 files changed:
accept_sec_context.c
acinclude.m4
acquire_cred_with_password.c
duplicate_name.c
eap_mech.c
gssapiP_eap.h
gssapi_eap.h
init_sec_context.c
mech_eap.exports
release_oid.c
set_cred_option.c
set_name_attribute.c
util_cred.c
util_crypt.c
util_mech.c
util_name.c
util_oid.c
util_radius.c
util_saml.c
wrap_iov.c

index 8ab9a9b..e254ade 100644 (file)
@@ -198,8 +198,8 @@ serverGetEapUser(void *ctx,
      */
     user->methods[0].vendor = EAP_VENDOR_IETF;
     user->methods[0].method = EAP_TYPE_MSCHAPV2;
-    user->password = (unsigned char *)strdup("");
-    user->password_len = 0;
+    user->password = (unsigned char *)strdup(" ");
+    user->password_len = 1;
 
     return 0;
 }
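Review bot: The `strdup(" ")` result is stored in `user->password` without a NULL check while `password_len` is set to 1 unconditionally, so an allocation failure leaves a NULL pointer paired with a non-zero length for the EAP server code to consume. Assuming a non-zero return signals failure to the caller, add `if (user->password == NULL) return -1;` before the length assignment. The fixed one-character password also looks like a stub, so a comment such as `/* XXX placeholder credential; replace with a real per-user lookup */` would stop it being mistaken for finished behaviour. serverGetEapUser starts outside the hunk.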
@@ -280,6 +280,10 @@ eapGssSmAcceptAuthenticate(OM_uint32 *minor,
             major = GSS_S_FAILURE;
             goto cleanup;
         }
+
+        ctx->acceptorCtx.eapPolInterface = eap_get_interface(ctx->acceptorCtx.eap);
+        ctx->acceptorCtx.eapPolInterface->portEnabled = TRUE;
+        ctx->acceptorCtx.eapPolInterface->eapRestart = TRUE;
     }
 
     if (ctx->acceptorName == GSS_C_NO_NAME && cred->name != GSS_C_NO_NAME) {
index cd51aab..f91ab0d 100644 (file)
@@ -29,9 +29,9 @@ if test x_$found_krb5 != x_yes; then
 ----------------------------------------------------------------------
 ])
 else
-        printf "Kerberos found in $krb5dir\n";
+       printf "Kerberos found in $krb5dir\n";
        KRB5_LIBS="-lgssapi_krb5 -lkrb5";
-        KRB5_LDFLAGS="-L$krb5dir/lib";
+       KRB5_LDFLAGS="-L$krb5dir/lib";
        AC_SUBST(KRB5_CFLAGS)
        AC_SUBST(KRB5_LDFLAGS)
        AC_SUBST(KRB5_LIBS)
@@ -67,12 +67,38 @@ if test x_$found_eap != x_yes; then
 ----------------------------------------------------------------------
 ])
 else
-        printf "EAP found in $eapdir\n";
-       EAP_LIBS="-leap";
-        EAP_LDFLAGS="-L$eapdir/eap_example";
+       printf "EAP found in $eapdir\n";
+       EAP_CFLAGS="$EAP_CFLAGS \
+-DEAP_TLS \
+-DEAP_PEAP \
+-DEAP_TTLS \
+-DEAP_MD5 \
+-DEAP_MSCHAPv2 \
+-DEAP_GTC \
+-DEAP_OTP \
+-DEAP_LEAP \
+-DEAP_PSK \
+-DEAP_PAX \
+-DEAP_SAKE \
+-DEAP_GPSK \
+-DEAP_GPSK_SHA256 \
+-DEAP_SERVER_IDENTITY \
+-DEAP_SERVER_TLS \
+-DEAP_SERVER_PEAP \
+-DEAP_SERVER_TTLS \
+-DEAP_SERVER_MD5 \
+-DEAP_SERVER_MSCHAPV2 \
+-DEAP_SERVER_GTC \
+-DEAP_SERVER_PSK \
+-DEAP_SERVER_PAX \
+-DEAP_SERVER_SAKE \
+-DEAP_SERVER_GPSK \
+-DEAP_SERVER_GPSK_SHA256 \
+-DIEEE8021X_EAPOL";
+       EAP_LIBS="-leap -lutils -lcrypto -ltls";
+       EAP_LDFLAGS="-L$eapdir/eap_example -L$eapdir/src/utils -L$eapdir/src/crypto -L$eapdir/src/tls";
        AC_SUBST(EAP_CFLAGS)
        AC_SUBST(EAP_LDFLAGS)
        AC_SUBST(EAP_LIBS)
 fi
 ])dnl
-
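Review bot: The hard-coded `-DEAP_*` list in `EAP_CFLAGS` has no comment saying why it is there or what it must stay in sync with. It presumably has to mirror the options libeap itself was built with, so that the headers and the library agree, and a mismatch would be hard to diagnose. Suggest a comment above the assignment such as `dnl These defines must match the build configuration of the libeap in $eapdir`. The list also turns on legacy methods such as `EAP_MD5` and `EAP_LEAP`; whether those end up registered on the acceptor is decided elsewhere, but it is worth stating here that enabling a define is not an endorsement of the method.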
index e56419e..f86d3ba 100644 (file)
 #include "gssapiP_eap.h"
 
 OM_uint32
-gss_acquire_cred_with_password(OM_uint32 *minor,
-                               const gss_name_t desired_name,
-                               const gss_buffer_t password,
-                               OM_uint32 time_req,
-                               const gss_OID_set desired_mechs,
-                               gss_cred_usage_t cred_usage,
-                               gss_cred_id_t *output_cred_handle,
-                               gss_OID_set *actual_mechs,
-                               OM_uint32 *time_rec)
+gssspi_acquire_cred_with_password(OM_uint32 *minor,
+                                  const gss_name_t desired_name,
+                                  const gss_buffer_t password,
+                                  OM_uint32 time_req,
+                                  const gss_OID_set desired_mechs,
+                                  gss_cred_usage_t cred_usage,
+                                  gss_cred_id_t *output_cred_handle,
+                                  gss_OID_set *actual_mechs,
+                                  OM_uint32 *time_rec)
 {
     return gssEapAcquireCred(minor, desired_name, password,
                              time_req, desired_mechs, cred_usage,
index bc95057..6ad33a0 100644 (file)
@@ -41,7 +41,7 @@ gss_duplicate_name(OM_uint32 *minor,
     krb5_context krbContext;
     gss_name_t name;
 
-    if (name == GSS_C_NO_NAME) {
+    if (input_name == GSS_C_NO_NAME) {
         *minor = EINVAL;
         return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
     }
@@ -63,13 +63,18 @@ gss_duplicate_name(OM_uint32 *minor,
         goto cleanup;
     }
 
-    major = radiusDuplicateAVPs(minor, input_name->avps, &name->avps);
-    if (GSS_ERROR(major))
-        goto cleanup;
+    if (input_name->avps != NULL) {
+        major = radiusDuplicateAVPs(minor, input_name->avps, &name->avps);
+        if (GSS_ERROR(major))
+            goto cleanup;
+    }
 
-    major = samlDuplicateAssertion(minor, input_name->assertion, &name->assertion);
-    if (GSS_ERROR(major))
-        goto cleanup;
+    if (input_name->assertion != NULL) {
+        major = samlDuplicateAssertion(minor, input_name->assertion,
+                                       &name->assertion);
+        if (GSS_ERROR(major))
+            goto cleanup;
+    }
 
     *dest_name = name;
 
index 5a34fb6..5f977b6 100644 (file)
@@ -243,6 +243,8 @@ eapServerRegisterMethods(void)
     if (ret == 0)
         ret = eap_server_tnc_register();
 #endif /* EAP_SERVER_TNC */
+
+    return ret;
 }
 
 static int
index 199048e..2369f47 100644 (file)
@@ -36,6 +36,8 @@
 #include <assert.h>
 #include <string.h>
 #include <errno.h>
+#include <unistd.h>
+#include <stdlib.h>
 #include <time.h>
 
 /* GSS includes */
@@ -45,8 +47,6 @@
 #include "util.h"
 
 /* EAP includes */
-#define IEEE8021X_EAPOL 1
-
 #include <common.h>
 #include <eap_peer/eap.h>
 #include <eap_peer/eap_config.h>
index 5ae5db1..2c8cee0 100644 (file)
@@ -51,4 +51,3 @@ extern gss_OID GSS_EAP_NT_PRINCIPAL_NAME;
 #endif /* __cplusplus */
 
 #endif /* _GSSAPI_EAP_H_ */
-
index 3d55ccd..119eb4f 100644 (file)
@@ -353,7 +353,7 @@ eapGssSmInitAuthenticate(OM_uint32 *minor,
         ctx->flags &= ~(CTX_FLAG_EAP_SUCCESS);
         ctx->state = EAP_STATE_ESTABLISHED;
         major = GSS_S_COMPLETE;
-    } else if (code == 0) {
+    } else if ((ctx->flags & CTX_FLAG_EAP_FAIL) || code == 0) {
         major = GSS_S_FAILURE;
     }
 
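Review bot: The new failure branch sets `major = GSS_S_FAILURE` but, in the visible lines, neither sets `*minor` nor clears `CTX_FLAG_EAP_FAIL` the way the success branch clears `CTX_FLAG_EAP_SUCCESS`. Because it is an `else if`, the failure flag is only honoured when the preceding condition (outside the hunk) is false; if both flags can ever be set in one pass, testing `CTX_FLAG_EAP_FAIL` first is the safer order for an authentication state machine. A short comment such as `/* EAP method reported failure, or the peer state machine made no progress */` would document the two cases being merged.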
index af8079f..f097029 100644 (file)
@@ -1,6 +1,5 @@
 gss_accept_sec_context
 gss_acquire_cred
-gss_acquire_cred_with_password
 gss_add_cred
 gss_add_cred_with_password
 gss_canonicalize_name
@@ -43,3 +42,4 @@ GSS_EAP_MECHANISM
 GSS_EAP_AES128_CTS_HMAC_SHA1_96_MECHANISM
 GSS_EAP_AES256_CTS_HMAC_SHA1_96_MECHANISM
 GSS_EAP_NT_PRINCIPAL_NAME
+gssspi_acquire_cred_with_password
index 768555d..8d1cbf3 100644 (file)
@@ -36,7 +36,6 @@ OM_uint32
 gss_internal_release_oid(OM_uint32 *minor,
                          gss_OID *oid)
 {
-    OM_uint32 major;
     gss_OID internalizedOid = GSS_C_NO_OID;
 
     if (gssEapInternalizeOid(*oid, &internalizedOid)) {
index b75614d..d5c5709 100644 (file)
@@ -41,7 +41,7 @@ static struct {
 
 OM_uint32
 gssspi_set_cred_option(OM_uint32 *minor,
-                       gss_cred_id_t *cred,
+                       gss_cred_id_t cred,
                        const gss_OID desired_object,
                        const gss_buffer_t value)
 {
@@ -50,7 +50,7 @@ gssspi_set_cred_option(OM_uint32 *minor,
 
     for (i = 0; i < sizeof(setCredOps) / sizeof(setCredOps[0]); i++) {
         if (oidEqual(&setCredOps[i].oid, desired_object)) {
-            major = (*setCredOps[i].setOption)(minor, cred,
+            major = (*setCredOps[i].setOption)(minor, &cred,
                                               desired_object, value);
             break;
         }
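Review bot: Passing `&cred` hands the handler the address of this function's by-value parameter, so if a `setOption` handler replaces or allocates the credential through that pointer, the caller never sees the new handle and it may be leaked. If the handlers only read `*cred`, changing their signature to take `gss_cred_id_t` would remove the misleading indirection; otherwise document the limit with `/* handlers must not reassign *cred: it points at a local copy */`. Nothing in the visible lines rejects `cred == GSS_C_NO_CREDENTIAL` before dispatch. The function body continues outside the hunk.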
index 385ead4..c2b13c3 100644 (file)
@@ -39,7 +39,7 @@ gss_set_name_attribute(OM_uint32 *minor,
                        gss_buffer_t attr,
                        gss_buffer_t value)
 {
-    OM_uint32 major, tmpMinor;
+    OM_uint32 major;
     gss_buffer_desc prefix, suffix;
     enum gss_eap_attribute_type type;
 
index 7e659f6..1377f5e 100644 (file)
@@ -38,7 +38,7 @@ gssEapAllocCred(OM_uint32 *minor, gss_cred_id_t *pCred)
     OM_uint32 tmpMinor;
     gss_cred_id_t cred;
 
-    assert(*pCred == GSS_C_NO_CREDENTIAL);
+    *pCred = GSS_C_NO_CREDENTIAL;
 
     cred = (gss_cred_id_t)GSSEAP_CALLOC(1, sizeof(*cred));
     if (cred == NULL) {
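Review bot: Replacing the assert with `*pCred = GSS_C_NO_CREDENTIAL;` silently discards whatever handle the caller passed in, so a caller that reuses a live credential handle now leaks it instead of tripping the assertion. The same substitution is made for `*pName` in gssEapAllocName (util_name.c). The precondition the assert expressed should survive as a comment, for example `/* *pCred is overwritten unconditionally; callers must not pass a live handle */`. Neither function checks the output pointer itself for NULL in the visible lines, and both bodies continue outside their hunks.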
@@ -104,11 +104,39 @@ gssEapAcquireCred(OM_uint32 *minor,
     if (GSS_ERROR(major))
         goto cleanup;
 
+    switch (credUsage) {
+    case GSS_C_BOTH:
+        cred->flags |= CRED_FLAG_INITIATE | CRED_FLAG_ACCEPT;
+        break;
+    case GSS_C_INITIATE:
+        cred->flags |= CRED_FLAG_INITIATE;
+        break;
+    case GSS_C_ACCEPT:
+        cred->flags |= CRED_FLAG_ACCEPT;
+        break;
+    default:
+        major = GSS_S_FAILURE;
+        goto cleanup;
+        break;
+    }
+
     if (desiredName != GSS_C_NO_NAME) {
         major = gss_duplicate_name(minor, desiredName, &cred->name);
         if (GSS_ERROR(major))
             goto cleanup;
     } else {
+        if (cred->flags & CRED_FLAG_INITIATE) {
+            gss_buffer_desc buf;
+
+            buf.value = getlogin(); /* XXX */
+            buf.length = strlen((char *)buf.value);
+
+            major = gss_import_name(&minor, &buf,
+                                    GSS_C_NT_USER_NAME, &cred->name);
+            if (GSS_ERROR(major))
+                goto cleanup;
+        }
+
         cred->flags |= CRED_FLAG_DEFAULT_IDENTITY;
     }
 
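Review bot: In the new default-identity branch, `getlogin()` can return NULL (for example with no controlling terminal), and the result goes straight to `strlen()`, which is undefined behaviour. The following call passes `&minor`, but `minor` is already an `OM_uint32 *` in this function's signature, so `gss_import_name` receives an `OM_uint32 **` and writes the status over the pointer. `getlogin()` reports the login name tied to the terminal rather than the process's effective UID, so a lookup keyed on `geteuid()` would be a more dependable source for a default initiator identity. The `default:` arm of the moved switch sets `major` without setting `*minor`. The function starts and ends outside the hunk.

```c
        if (cred->flags & CRED_FLAG_INITIATE) {
            gss_buffer_desc buf;
            char *login = getlogin(); /* XXX not tied to the effective UID */

            if (login == NULL) {
                *minor = errno;
                major = GSS_S_FAILURE;
                goto cleanup;
            }

            buf.value = login;
            buf.length = strlen(login);

            major = gss_import_name(minor, &buf,
                                    GSS_C_NT_USER_NAME, &cred->name);
            if (GSS_ERROR(major))
                goto cleanup;
        }
        /* … unchanged: CRED_FLAG_DEFAULT_IDENTITY assignment … */
```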
@@ -128,22 +156,6 @@ gssEapAcquireCred(OM_uint32 *minor,
     if (GSS_ERROR(major))
         goto cleanup;
 
-    switch (credUsage) {
-    case GSS_C_BOTH:
-        cred->flags |= CRED_FLAG_INITIATE | CRED_FLAG_ACCEPT;
-        break;
-    case GSS_C_INITIATE:
-        cred->flags |= CRED_FLAG_INITIATE;
-        break;
-    case GSS_C_ACCEPT:
-        cred->flags |= CRED_FLAG_ACCEPT;
-        break;
-    default:
-        major = GSS_S_FAILURE;
-        goto cleanup;
-        break;
-    }
-
     if (pActualMechs != NULL) {
         major = duplicateOidSet(minor, cred->mechanisms, pActualMechs);
         if (GSS_ERROR(major))
index 207dd81..f35939b 100644 (file)
@@ -316,7 +316,7 @@ gssEapLocateIov(gss_iov_buffer_desc *iov, int iov_count, OM_uint32 type)
 }
 
 void
-gssEapIovMessageLnegth(gss_iov_buffer_desc *iov,
+gssEapIovMessageLength(gss_iov_buffer_desc *iov,
                        int iov_count,
                        size_t *data_length_p,
                        size_t *assoc_data_length_p)
@@ -394,4 +394,3 @@ gssEapAllocIov(gss_iov_buffer_t iov, size_t size)
 
     return 0;
 }
-
index 2919b34..efeca2d 100644 (file)
  *        mechInvoke(5)
  */
 
-static gss_OID_desc gssEapMechPrefix = {
-    /* Note that alone this is not a valid DER encoded OID */
-    11, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x00"
-};
-
 static gss_OID_desc gssEapConcreteMechs[] = {
     /* 1.3.6.1.4.1.5322.21.1  */
-    { 11, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01" },
+    { 9, "\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01" },
     /* 1.3.6.1.4.1.5322.21.1.17 */
-    { 12, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x11" },
+    { 10, "\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x11" },
     /* 1.3.6.1.4.1.5322.21.1.18 */
-    { 12, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x12" }
+    { 10, "\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x12" }
 };
 
 gss_OID GSS_EAP_MECHANISM                            = &gssEapConcreteMechs[0];
@@ -68,9 +63,9 @@ gss_OID GSS_EAP_AES256_CTS_HMAC_SHA1_96_MECHANISM    = &gssEapConcreteMechs[2];
 int
 gssEapIsConcreteMechanismOid(const gss_OID oid)
 {
-    return oid->length > gssEapMechPrefix.length &&
-           memcmp(oid->elements, gssEapMechPrefix.elements,
-                  gssEapMechPrefix.length) == 0;
+    return oid->length > GSS_EAP_MECHANISM->length &&
+           memcmp(oid->elements, GSS_EAP_MECHANISM->elements,
+                  GSS_EAP_MECHANISM->length) == 0;
 }
 
 int
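Review bot: `oid` is dereferenced here without a check, and `GSS_C_NO_OID` is a value GSS-API callers may legitimately pass, so if any caller forwards an OID from an API entry point this is a NULL dereference. Suggest `return oid != GSS_C_NO_OID && oid->length > GSS_EAP_MECHANISM->length &&` as the first line of the expression. The prefix is also now read through the exported, non-const `GSS_EAP_MECHANISM` pointer, so anything that reassigns that global changes what this function, gssEapOidToEnctype and gssEapEnctypeToOid compare against. Reading `gssEapConcreteMechs[0]` directly would avoid that.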
@@ -112,8 +107,8 @@ gssEapOidToEnctype(OM_uint32 *minor,
     int suffix;
 
     major = decomposeOid(minor,
-                         gssEapMechPrefix.elements,
-                         gssEapMechPrefix.length,
+                         GSS_EAP_MECHANISM->elements,
+                         GSS_EAP_MECHANISM->length,
                          oid,
                          &suffix);
     if (major == GSS_S_COMPLETE)
@@ -138,7 +133,7 @@ gssEapEnctypeToOid(OM_uint32 *minor,
         return GSS_S_FAILURE;
     }
 
-    oid->elements = GSSEAP_MALLOC(gssEapMechPrefix.length + 1);
+    oid->elements = GSSEAP_MALLOC(GSS_EAP_MECHANISM->length + 1);
     if (oid->elements == NULL) {
         *minor = ENOMEM;
         free(oid);
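Review bot: The buffer allocated here holds the prefix plus exactly one extra byte, which only fits an enctype suffix that encodes in a single base-128 byte. Whether `composeOid` (not shown) bounds its write by the buffer size is not visible, so an enctype of 128 or more needs checking. A comment such as `/* +1: enctype suffix must fit in one byte (< 128) */`, or an explicit range check before the allocation, would make the assumption reviewable. The failure path on the context line calls `free(oid)` while the allocation uses `GSSEAP_MALLOC`; assuming `oid` came from the same allocator, `GSSEAP_FREE(oid)` keeps the pair consistent. The function starts and ends outside the hunk.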
@@ -146,8 +141,8 @@ gssEapEnctypeToOid(OM_uint32 *minor,
     }
 
     major = composeOid(minor,
-                       gssEapMechPrefix.elements,
-                       gssEapMechPrefix.length,
+                       GSS_EAP_MECHANISM->elements,
+                       GSS_EAP_MECHANISM->length,
                        enctype,
                        oid);
     if (major == GSS_S_COMPLETE) {
index f1655cc..fd47bac 100644 (file)
@@ -68,7 +68,7 @@ gssEapAllocName(OM_uint32 *minor, gss_name_t *pName)
     OM_uint32 tmpMinor;
     gss_name_t name;
 
-    assert(*pName == GSS_C_NO_NAME);
+    *pName = GSS_C_NO_NAME;
 
     name = (gss_name_t)GSSEAP_CALLOC(1, sizeof(*name));
     if (name == NULL) {
@@ -138,7 +138,9 @@ krbPrincipalToName(OM_uint32 *minor,
         name->flags |= NAME_FLAG_SERVICE;
     }
 
+    *pName = name;
     *minor = 0;
+
     return GSS_S_COMPLETE;
 }
 
index af2f08f..903aa35 100644 (file)
@@ -72,7 +72,7 @@ duplicateOid(OM_uint32 *minor,
         return GSS_S_FAILURE;
     }
     p->length = oid->length;
-    p->elements = GSSEAP_MALLCO(p->length);
+    p->elements = GSSEAP_MALLOC(p->length);
     if (p->elements == NULL) {
         GSSEAP_FREE(p);
         return GSS_S_FAILURE;
index b463168..f417983 100644 (file)
@@ -47,7 +47,9 @@ OM_uint32
 radiusFreeAVPs(OM_uint32 *minor,
                struct eap_gss_avp_list *avps)
 {
-    GSSEAP_FREE(avps);
+    if (avps != NULL) {
+        GSSEAP_NOT_IMPLEMENTED;
+    }
 }
 
 OM_uint32
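Review bot: After this change radiusFreeAVPs, declared to return `OM_uint32`, reaches its closing brace without a return statement when `avps` is NULL, so a caller that reads the result gets an indeterminate status. samlFreeAssertion in util_saml.c has the same shape. What `GSSEAP_NOT_IMPLEMENTED` expands to is not shown, so the non-NULL path may or may not return. Suggest ending both functions with `*minor = 0;` followed by `return GSS_S_COMPLETE;`. The hunk also drops the `GSSEAP_FREE(avps)` call, so until the real release routine is written a non-NULL list is presumably not freed.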
index 8113677..c09b30a 100644 (file)
@@ -44,7 +44,9 @@ OM_uint32
 samlFreeAssertion(OM_uint32 *minor,
                   struct eap_gss_saml_assertion *assertion)
 {
-    GSSEAP_NOT_IMPLEMENTED;
+    if (assertion != NULL) {
+        GSSEAP_NOT_IMPLEMENTED;
+    }
 }
 
 OM_uint32
index cb96ef1..f9681fa 100644 (file)
@@ -179,7 +179,7 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
         store_uint16_be(ec, outbuf + 4);
         /* RRC */
         store_uint16_be(0, outbuf + 6);
-        store_64_be(ctx->sendSeq, outbuf + 8);
+        store_uint64_be(ctx->sendSeq, outbuf + 8);
 
         /*
          * EC | copy of header to be encrypted, located in
@@ -261,7 +261,7 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
             store_uint16_be(0xFFFF, outbuf + 4);
             store_uint16_be(0xFFFF, outbuf + 6);
         }
-        store_64_be(ctx->sendSeq, outbuf + 8);
+        store_uint64_be(ctx->sendSeq, outbuf + 8);
 
         code = gssEapSign(krbContext, 0, /* 0 == pick from crypto */
                           rrc, &ctx->rfc3961Key, keyUsage,