From: Luke Howard Date: Sat, 11 Aug 2012 00:54:38 +0000 (+1000) Subject: preserve name mechanism on imported contexts X-Git-Tag: 0.9.2~85 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.git;a=commitdiff_plain;h=5608bd874190206dda3bc6f991241ef756769907 preserve name mechanism on imported contexts --- diff --git a/mech_eap/export_sec_context.c b/mech_eap/export_sec_context.c index e5be6d8..3b74366 100644 --- a/mech_eap/export_sec_context.c +++ b/mech_eap/export_sec_context.c @@ -121,6 +121,11 @@ gssEapExportSecContext(OM_uint32 *minor, key.length = KRB_KEY_LENGTH(&ctx->rfc3961Key); key.value = KRB_KEY_DATA(&ctx->rfc3961Key); + /* + * As a shortcut, we omit the mechanism OID of the initiator name because + * we know it will match the context mechanism. The acceptor name mech OID + * is always included. + */ if (ctx->initiatorName != GSS_C_NO_NAME) { major = gssEapExportNameInternal(minor, ctx->initiatorName, &initiatorName, @@ -132,7 +137,7 @@ gssEapExportSecContext(OM_uint32 *minor, if (ctx->acceptorName != GSS_C_NO_NAME) { major = gssEapExportNameInternal(minor, ctx->acceptorName, &acceptorName, - EXPORT_NAME_FLAG_COMPOSITE); + EXPORT_NAME_FLAG_OID | EXPORT_NAME_FLAG_COMPOSITE); if (GSS_ERROR(major)) goto cleanup; } diff --git a/mech_eap/import_sec_context.c b/mech_eap/import_sec_context.c index 1533a16..ed20b23 100644 --- a/mech_eap/import_sec_context.c +++ b/mech_eap/import_sec_context.c @@ -209,11 +209,12 @@ importKerberosKey(OM_uint32 *minor, static OM_uint32 importName(OM_uint32 *minor, + gss_OID mech, unsigned char **pBuf, size_t *pRemain, gss_name_t *pName) { - OM_uint32 major; + OM_uint32 major, tmpMinor; unsigned char *p = *pBuf; size_t remain = *pRemain; gss_buffer_desc tmp; 
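Review bot: Adding `EXPORT_NAME_FLAG_OID` to the acceptor name in the `@@ -132` hunk changes the exported token layout, but the reader does not appear to follow it. In import_sec_context.c the unchanged context line of the `@@ -236` hunk still ends the name-import call with `EXPORT_NAME_FLAG_COMPOSITE);`, and importName serves both names. If that is the whole flags argument (the start of the call is outside the hunk), the acceptor name's OID prefix would be parsed as name data, so a context exported by the new code may fail to import or come back with a wrong acceptor name. importName could derive the flags from its new parameter, e.g. `flags = EXPORT_NAME_FLAG_COMPOSITE; if (mech == GSS_C_NO_OID) flags |= EXPORT_NAME_FLAG_OID;`. Tokens exported before this change carry no acceptor OID, and no format version check is visible in these hunks.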
@@ -236,6 +237,14 @@ importName(OM_uint32 *minor, EXPORT_NAME_FLAG_COMPOSITE); if (GSS_ERROR(major)) return major; + + if (mech != GSS_C_NO_OID) { + major = gssEapCanonicalizeOid(minor, mech, 0, &(*pName)->mechanismUsed); + if (GSS_ERROR(major)) { + gssEapReleaseName(&tmpMinor, pName); + return major; + } + } } *pBuf += 4 + tmp.length; @@ -288,11 +297,12 @@ gssEapImportContext(OM_uint32 *minor, if (GSS_ERROR(major)) return major; - major = importName(minor, &p, &remain, &ctx->initiatorName); + /* Initiator name OID matches the context mechanism, so it's not encoded */ + major = importName(minor, ctx->mechanismUsed, &p, &remain, &ctx->initiatorName); if (GSS_ERROR(major)) return major; - major = importName(minor, &p, &remain, &ctx->acceptorName); + major = importName(minor, GSS_C_NO_OID, &p, &remain, &ctx->acceptorName); if (GSS_ERROR(major)) return major;
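Review bot: In the `@@ -236` hunk, `mech == GSS_C_NO_OID` doubles as the signal that no mechanism should be assigned to the name. An unset `ctx->mechanismUsed` passed from the `@@ -288` call site would therefore skip the gssEapCanonicalizeOid step silently and leave the initiator name without a mechanism. Whether the call preceding the two importName calls guarantees a non-null context mechanism is not visible here. If it does not, a guard before the first importName call, such as `if (ctx->mechanismUsed == GSS_C_NO_OID) return GSS_S_DEFECTIVE_TOKEN;` (with `*minor` set the way the file does elsewhere), makes the failure explicit. The two meanings of the parameter also deserve a comment above importName, for example `/* mech: mechanism to assign to a name exported without its OID; GSS_C_NO_OID if the OID travels with the name */`; both functions start and end outside these hunks.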