From: Luke Howard
Date: Thu, 17 Mar 2011 14:40:21 +0000 (+1100)
Subject: require a realm in EAP names; don't add default Kerberos realm
X-Git-Tag: dvd/201105~12^2~96
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.orig;a=commitdiff_plain;h=f4c2e66d250f41e779c8bcec1df284a290b2224f
require a realm in EAP names; don't add default Kerberos realm
---
diff --git a/README b/README
index 3e5e4eb..c145c33 100644
--- a/README
+++ b/README
@@ -112,7 +112,8 @@ appropriately ( is the name of the host running the server, not the RADIUS server).
 % gss-client -port 5555 -spnego -mech "{1 3 6 1 4 1 5322 22 1 18}" \
- -user -pass host@ "Testing GSS EAP"
+ -user @ -pass host@ \
+ "Testing GSS EAP"
 % gss-server -port 5555 -export host@
 Note: for SASL you will be prompted for a username and password.
diff --git a/util_cred.c b/util_cred.c
index 3b06a53..0a2108b 100644
--- a/util_cred.c
+++ b/util_cred.c
@@ -161,6 +161,7 @@ gssEapAcquireCred(OM_uint32 *minor,
 } else {
 gss_buffer_desc nameBuf = GSS_C_EMPTY_BUFFER;
 gss_OID nameType = GSS_C_NO_OID;
+ char loginName[256];
 if (cred->flags & CRED_FLAG_ACCEPT) {
 char serviceName[5 + MAXHOSTNAMELEN] = "host@";
@@ -177,8 +178,10 @@ gssEapAcquireCred(OM_uint32 *minor,
 nameType = GSS_C_NT_HOSTBASED_SERVICE;
 } else if (cred->flags & CRED_FLAG_INITIATE) {
- nameBuf.value = getlogin(); /* XXX */
- nameBuf.length = strlen((char *)nameBuf.value);
+ /* XXX FIXME temporary implementation */
+ snprintf(loginName, sizeof(loginName), "%s@", getlogin());
+ nameBuf.value = loginName;
+ nameBuf.length = strlen(loginName);
 nameType = GSS_C_NT_USER_NAME;
 }
diff --git a/util_name.c b/util_name.c
index 85f8b3f..fa5b108 100644
--- a/util_name.c
+++ b/util_name.c
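Review bot: In the CRED_FLAG_INITIATE branch of util_cred.c (second hunk), `getlogin()` is passed straight to `%s`; it returns NULL when the process has no controlling terminal or login record, which is undefined behaviour in `snprintf` (glibc would produce the name `(null)@`). The value also reflects the terminal's login record rather than the process's uid, so it is a weak basis for a default initiator identity; `getpwuid(geteuid())` is the usual replacement. At minimum guard it, e.g. `const char *login = getlogin(); if (login == NULL) { /* fail via the function's error path */ }`, and check the `snprintf` return against `sizeof(loginName)` so a truncated name (which would lose the trailing `@`) is rejected here rather than later. The error path of gssEapAcquireCred lies outside the hunk.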
@@ -210,7 +210,9 @@ importUserName(OM_uint32 *minor,
 if (GSS_ERROR(major)) return major;
- *minor = krb5_parse_name(krbContext, nameString, &krbPrinc);
+ *minor = krb5_parse_name_flags(krbContext, nameString,
+ KRB5_PRINCIPAL_PARSE_REQUIRE_REALM,
+ &krbPrinc);
 if (*minor != 0) {
 GSSEAP_FREE(nameString);
 return GSS_S_FAILURE;
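Review bot: The new `krb5_parse_name_flags` call has no comment saying why a realm is mandatory, and a realm-less name is reported as a generic `GSS_S_FAILURE`. I would add above the call `/* EAP names must carry an explicit realm; never fall back to the host's default Kerberos realm */` and consider `return GSS_S_BAD_NAME;` for the parse failure so callers can tell a malformed name from an internal error. It is also worth confirming how the Kerberos library in use treats a bare trailing `@` (the form the initiator default in util_cred.c now builds): if that satisfies KRB5_PRINCIPAL_PARSE_REQUIRE_REALM with an empty realm, later code needs to handle the empty realm deliberately. importUserName's body starts and ends outside the hunk.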