allow empty acceptor names
authorLuke Howard <lukeh@padl.com>
Tue, 13 Nov 2012 05:25:20 +0000 (16:25 +1100)
committerSam Hartman <hartmans@painless-security.com>
Fri, 16 Nov 2012 03:09:25 +0000 (22:09 -0500)
mech_eap/accept_sec_context.c
mech_eap/inquire_context.c
mech_eap/util_reauth.c

index aeba1b4..e4f1ef5 100644 (file)
@@ -903,13 +903,11 @@ gssEapAcceptSecContext(OM_uint32 *minor,
      * credential handle.
      */
 
-    /*
-     * Calling gssEapInquireCred() forces the default acceptor credential name
-     * to be resolved.
-     */
-    major = gssEapInquireCred(minor, cred, &ctx->acceptorName, NULL, NULL, NULL);
-    if (GSS_ERROR(major))
-        goto cleanup;
+    if (cred->name != GSS_C_NO_NAME) {
+        major = gssEapDuplicateName(minor, cred->name, &ctx->acceptorName);
+        if (GSS_ERROR(major))
+            goto cleanup;
+    }
 
     major = gssEapSmStep(minor,
                          cred,
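Review bot: When `cred->name` is `GSS_C_NO_NAME`, the new block at `if (cred->name != GSS_C_NO_NAME)` leaves `ctx->acceptorName` unset, and nothing documents that; the removed comment at least explained why the name was resolved here. Every later reader of `ctx->acceptorName` must now handle the empty case, and code that ties the context to a service identity or logs the target name will have nothing to work with. The other two files in this commit cope with it, but the hunk cannot show whether every consumer does. I would add above the `if`: `/* A default credential may have no name; ctx->acceptorName then stays GSS_C_NO_NAME and consumers must check for it. */`. It is also worth confirming that `cred->mutex` is held when `cred->name` is read directly, which the removed `gssEapInquireCred()` call may have handled internally; gssEapAcceptSecContext starts and ends outside the hunk.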
index d37818d..305145c 100644 (file)
@@ -57,15 +57,21 @@ gss_inquire_context(OM_uint32 *minor,
     GSSEAP_MUTEX_LOCK(&ctx->mutex);
 
     if (src_name != NULL) {
-        major = gssEapDuplicateName(minor, ctx->initiatorName, src_name);
-        if (GSS_ERROR(major))
-            goto cleanup;
+        if (ctx->initiatorName != GSS_C_NO_NAME) {
+            major = gssEapDuplicateName(minor, ctx->initiatorName, src_name);
+            if (GSS_ERROR(major))
+                goto cleanup;
+        } else
+            *src_name = GSS_C_NO_NAME;
     }
 
     if (targ_name != NULL) {
-        major = gssEapDuplicateName(minor, ctx->acceptorName, targ_name);
-        if (GSS_ERROR(major))
-            goto cleanup;
+        if (ctx->acceptorName != GSS_C_NO_NAME) {
+            major = gssEapDuplicateName(minor, ctx->acceptorName, targ_name);
+            if (GSS_ERROR(major))
+                goto cleanup;
+        } else
+            *targ_name = GSS_C_NO_NAME;
     }
 
     if (lifetime_rec != NULL) {
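Review bot: The `src_name` branch now reports success with `*src_name = GSS_C_NO_NAME` when `ctx->initiatorName` is unset, although the commit title only mentions acceptor names. An application that uses the source name for authorization or audit has to check for `GSS_C_NO_NAME` before displaying or comparing it, so a comment stating when each name may legitimately be empty would help callers. As a style point, the unbraced `else` arms sit oddly next to the braced `if`; I would write `} else {`, `*targ_name = GSS_C_NO_NAME;`, `}` and the same for `src_name`. gss_inquire_context begins and continues outside the hunk.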
index 0fc6af7..40e3de1 100644 (file)
@@ -214,6 +214,11 @@ gssEapMakeReauthCreds(OM_uint32 *minor,
     credBuf->length = 0;
     credBuf->value = NULL;
 
+    if (ctx->acceptorName == GSS_C_NO_NAME) {
+        *minor = GSSEAP_NO_ACCEPTOR_NAME;
+        return GSS_S_UNAVAILABLE;
+    }
+
     GSSEAP_KRB_INIT(&krbContext);
 
     code = getAcceptorKey(krbContext, ctx, cred, &server, &acceptorKey);
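Review bot: The new `ctx->acceptorName == GSS_C_NO_NAME` guard has no comment explaining why reauthentication credentials cannot be made without an acceptor name, and it leaves through a bare `return`. The bare return looks safe because only `credBuf` has been cleared at that point, but that depends on the guard staying ahead of `GSSEAP_KRB_INIT` and any allocation. I would add something like `/* Without an acceptor name there is no service to look up a key for; bail out before anything is allocated. */`, where the reason is presumed from the `getAcceptorKey()` call that follows. The call site is not visible, so it is worth confirming that callers treat `GSS_S_UNAVAILABLE` here as "fast reauthentication not offered" and not as a failed context. gssEapMakeReauthCreds continues outside the hunk.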