From fb205ffa6d9fbc901a0e377c556d05f68d5a5fb7 Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Sun, 19 Sep 2010 18:41:45 +0200
Subject: [PATCH] Support GSS_C_NT_COMPOSITE_EXPORT
---
 acinclude.m4 | 1 +
 configure.ac | 1 +
 export_name_composite.c | 7 -------
 inquire_names_for_mech.c | 6 ++++++
 mech_eap.exports | 1 +
 util_name.c | 21 +++++++++++++--------
 6 files changed, 22 insertions(+), 15 deletions(-)
diff --git a/acinclude.m4 b/acinclude.m4
index 8ac594b..31f19df 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -35,6 +35,7 @@ else
 AC_SUBST(KRB5_CFLAGS)
 AC_SUBST(KRB5_LDFLAGS)
 AC_SUBST(KRB5_LIBS)
+ AC_CHECK_LIB(gssapi_krb5, GSS_C_NT_COMPOSITE_EXPORT, [AC_DEFINE_UNQUOTED([HAVE_GSS_C_NT_COMPOSITE_EXPORT], 1, [Define if GSS-API library supports recent naming extensions draft])], [], "$KRB5_LDFLAGS")
 fi
 ])dnl
diff --git a/configure.ac b/configure.ac
index 82bc27a..bdea2fb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -7,6 +7,7 @@ LT_INIT([dlopen disable-static])
 AC_PROG_CC
 AC_PROG_CXX
+AC_CONFIG_HEADERS([config.h])
 dnl Check if we're on Solaris and set CFLAGS accordingly
 dnl AC_CANONICAL_TARGET
diff --git a/export_name_composite.c b/export_name_composite.c
index ff5ac8c..6c4fef2 100644
--- a/export_name_composite.c
+++ b/export_name_composite.c
@@ -32,12 +32,6 @@
 #include "gssapiP_eap.h"
-#if 0
-/*
- * Not sure about this. If we have a generalised representation of composite
- * names, it should be (a) defined in the naming extensions specification
- * and (b) implemented by the mechanism glue.
- */
 OM_uint32
 gss_export_name_composite(OM_uint32 *minor,
 gss_name_t input_name,
@@ -51,4 +45,3 @@ gss_export_name_composite(OM_uint32 *minor,
 return gssEapExportNameInternal(minor, input_name, exported_name, EXPORT_NAME_FLAG_OID | EXPORT_NAME_FLAG_ATTRS);
 }
-#endif
diff --git a/inquire_names_for_mech.c b/inquire_names_for_mech.c
index fe3c64e..e761739 100644
--- a/inquire_names_for_mech.c
+++ b/inquire_names_for_mech.c
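Review bot: Nothing in this commit includes config.h, yet `AC_CONFIG_HEADERS([config.h])` in the configure.ac hunk moves every `AC_DEFINE` result, including the new `HAVE_GSS_C_NT_COMPOSITE_EXPORT` from acinclude.m4, off the compiler command line and into that header. If the shared header `gssapiP_eap.h` does not already pull it in (not visible here), the `#ifdef HAVE_GSS_C_NT_COMPOSITE_EXPORT` branches added in inquire_names_for_mech.c and in gssEapImportName in util_name.c are compiled out without any warning, and the build advertises a feature it never enables. I would add `#ifdef HAVE_CONFIG_H` / `#include <config.h>` / `#endif` at the top of that header, before any system include.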
@@ -60,6 +60,12 @@ gss_inquire_names_for_mech(OM_uint32 *minor,
 if (GSS_ERROR(major))
 goto cleanup;
+#ifdef HAVE_GSS_C_NT_COMPOSITE_EXPORT
+ major = gss_add_oid_set_member(minor, GSS_C_NT_COMPOSITE_EXPORT, name_types);
+ if (GSS_ERROR(major))
+ goto cleanup;
+#endif
+
 major = gss_add_oid_set_member(minor, GSS_EAP_NT_PRINCIPAL_NAME, name_types);
 if (GSS_ERROR(major))
 goto cleanup;
diff --git a/mech_eap.exports b/mech_eap.exports
index ba11e69..ad4dc24 100644
--- a/mech_eap.exports
+++ b/mech_eap.exports
@@ -11,6 +11,7 @@ gss_display_name_ext
 gss_display_status
 gss_duplicate_name
 gss_export_name
+gss_export_name_composite
 gss_export_sec_context
 gss_get_mic
 gss_get_name_attribute
diff --git a/util_name.c b/util_name.c
index 50da741..26fccbc 100644
--- a/util_name.c
+++ b/util_name.c
@@ -237,7 +237,7 @@ gssEapImportNameInternal(OM_uint32 *minor,
 unsigned char *p;
 size_t len, remain;
 gss_buffer_desc buf;
- enum gss_eap_token_type tok_type;
+ enum gss_eap_token_type tokType;
 gss_name_t name = GSS_C_NO_NAME;
 GSSEAP_KRB_INIT(&krbContext);
@@ -249,16 +249,16 @@ gssEapImportNameInternal(OM_uint32 *minor,
 if (remain < 6 + GSS_EAP_MECHANISM->length + 4)
 return GSS_S_BAD_NAME;
+ if (flags & EXPORT_NAME_FLAG_ATTRS)
+ tokType = TOK_TYPE_EXPORT_NAME_COMPOSITE;
+ else
+ tokType = TOK_TYPE_EXPORT_NAME;
+
 /* TOK_ID */
- tok_type = load_uint16_be(p);
- if (tok_type != TOK_TYPE_EXPORT_NAME &&
- tok_type != TOK_TYPE_EXPORT_NAME_COMPOSITE)
+ if (load_uint16_be(p) != tokType)
 return GSS_S_BAD_NAME;
 UPDATE_REMAIN(2);
- if (tok_type == TOK_TYPE_EXPORT_NAME_COMPOSITE)
- flags |= EXPORT_NAME_FLAG_ATTRS;
-
 /* MECH_OID_LEN */
 len = load_uint16_be(p);
 if (len != 2 + GSS_EAP_MECHANISM->length)
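Review bot: The block that derives `tokType` from `flags` in the `-249` hunk of util_name.c carries no comment, although it is the security-relevant change here. The expected TOK_ID is now fixed by the caller instead of being read from the buffer, so a token can no longer switch on attribute parsing by itself. I would put `/* Expected TOK_ID is chosen by the caller's flags; the buffer cannot opt in to attribute parsing. */` above the `if (flags & EXPORT_NAME_FLAG_ATTRS)` line. The stricter match also means a composite token imported as GSS_C_NT_EXPORT_NAME now returns GSS_S_BAD_NAME where the removed lines accepted it. Callers of gssEapImportNameInternal other than gssEapImportName are not visible and should be checked for reliance on the old auto-detection; the function starts and ends outside the hunk.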
@@ -336,6 +336,12 @@ gssEapImportName(OM_uint32 *minor,
 else if (oidEqual(nameType, GSS_C_NT_EXPORT_NAME))
 major = gssEapImportNameInternal(minor, nameBuffer, name, EXPORT_NAME_FLAG_OID);
+#ifdef HAVE_GSS_C_NT_COMPOSITE_EXPORT
+ else if (oidEqual(nameType, GSS_C_NT_COMPOSITE_EXPORT))
+ major = gssEapImportNameInternal(minor, nameBuffer, name,
+ EXPORT_NAME_FLAG_OID |
+ EXPORT_NAME_FLAG_ATTRS);
+#endif
 else
 major = GSS_S_BAD_NAMETYPE;
@@ -443,4 +449,3 @@ cleanup:
 return major;
 }
-
-- 
2.1.4
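Review bot: The new GSS_C_NT_COMPOSITE_EXPORT branch in gssEapImportName passes `EXPORT_NAME_FLAG_ATTRS` for a buffer supplied by the application, and nothing in this hunk says how the attributes restored from that buffer are labelled. No integrity check on the token is visible in the lines shown. The decoding happens in gssEapImportNameInternal outside the hunk, so this may already be handled. I would still want a test that imports a composite token and confirms gss_get_name_attribute does not report its attributes as authenticated, plus a one-line comment on the branch stating that rule. gssEapImportName's body starts and ends outside the hunk.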