gss_buffer_t mech_description)
{
gss_buffer_t name;
+ krb5_enctype etype = ENCTYPE_NULL;
+ krb5_context krbContext;
+
+ GSSEAP_KRB_INIT(&krbContext);
+
+ makeStringBuffer(minor,
+ "Extensible Authentication Protocol GSS-API Mechanism",
+ mech_description);
+
+ /* Dynamically construct mechanism name from Kerberos string enctype */
+ if (oidEqual(mech, GSS_EAP_MECHANISM)) {
+ makeStringBuffer(minor, "eap", mech_name);
+ } else if (gssEapOidToEnctype(minor, mech, &etype) == GSS_S_COMPLETE) {
+ char krbBuf[128] = "eap-";
+
+ if (krb5_enctype_to_name(etype, 0, &krbBuf[4], sizeof(krbBuf) - 4) == 0)
+ makeStringBuffer(minor, krbBuf, mech_name);
+ }
name = gssEapOidToSaslName(mech);
if (name == GSS_C_NO_BUFFER)
}
static gss_buffer_desc gssEapSaslMechs[] = {
- { sizeof("GS2-EAP"), "GS2-EAP", },
- { sizeof("GS2-EAP-AES128"), "GS2-EAP-AES128" },
- { sizeof("GS2-EAP-AES256"), "GS2-EAP-AES256" },
+ { sizeof("GS2-EAP") - 1, "GS2-EAP", },
+ { sizeof("GS2-EAP-AES128") - 1, "GS2-EAP-AES128" },
+ { sizeof("GS2-EAP-AES256") - 1, "GS2-EAP-AES256" },
};
gss_buffer_t
*(*buf)++ = (unsigned char)mech->length;
memcpy(*buf, mech->elements, mech->length);
*buf += mech->length;
- if (tok_type != TOK_TYPE_NONE) {
- *(*buf)++ = (unsigned char)((tok_type>>8) & 0xff);
- *(*buf)++ = (unsigned char)(tok_type & 0xff);
- }
+ assert(tok_type != TOK_TYPE_NONE);
+ *(*buf)++ = (unsigned char)((tok_type>>8) & 0xff);
+ *(*buf)++ = (unsigned char)(tok_type & 0xff);
}
/*