From d4fe7ce93304facaf069792c347b01b25ab765ae Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Thu, 9 Sep 2010 16:19:29 +0200 Subject: [PATCH] fix some build errors --- accept_sec_context.c | 8 ++++++-- acinclude.m4 | 38 ++++++++++++++++++++++++++++++------ acquire_cred_with_password.c | 18 ++++++++--------- duplicate_name.c | 19 +++++++++++------- eap_mech.c | 2 ++ gssapiP_eap.h | 4 ++-- gssapi_eap.h | 1 - init_sec_context.c | 2 +- mech_eap.exports | 2 +- release_oid.c | 1 - set_cred_option.c | 4 ++-- set_name_attribute.c | 2 +- util_cred.c | 46 ++++++++++++++++++++++++++++---------------- util_crypt.c | 3 +-- util_mech.c | 27 +++++++++++--------------- util_name.c | 4 +++- util_oid.c | 2 +- util_radius.c | 4 +++- util_saml.c | 4 +++- wrap_iov.c | 4 ++-- 20 files changed, 121 insertions(+), 74 deletions(-) diff --git a/accept_sec_context.c b/accept_sec_context.c index 8ab9a9b..e254ade 100644 --- a/accept_sec_context.c +++ b/accept_sec_context.c @@ -198,8 +198,8 @@ serverGetEapUser(void *ctx, */ user->methods[0].vendor = EAP_VENDOR_IETF; user->methods[0].method = EAP_TYPE_MSCHAPV2; - user->password = (unsigned char *)strdup(""); - user->password_len = 0; + user->password = (unsigned char *)strdup(" "); + user->password_len = 1; return 0; } @@ -280,6 +280,10 @@ eapGssSmAcceptAuthenticate(OM_uint32 *minor, major = GSS_S_FAILURE; goto cleanup; } + + ctx->acceptorCtx.eapPolInterface = eap_get_interface(ctx->acceptorCtx.eap); + ctx->acceptorCtx.eapPolInterface->portEnabled = TRUE; + ctx->acceptorCtx.eapPolInterface->eapRestart = TRUE; } if (ctx->acceptorName == GSS_C_NO_NAME && cred->name != GSS_C_NO_NAME) { diff --git a/acinclude.m4 b/acinclude.m4 index cd51aab..f91ab0d 100644 --- a/acinclude.m4 +++ b/acinclude.m4 
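Review bot: In the `@@ -198` hunk of accept_sec_context.c, serverGetEapUser now gives the EAP server the same one-character secret (`strdup(" ")`, `password_len = 1`) for every identity, so the MSCHAPv2 exchange no longer distinguishes one user from another. If this is a stand-in until a real credential lookup exists, say so at the assignment, e.g. `/* XXX placeholder secret: replace with a per-user lookup before this acceptor is deployed */`. Better still, fail the lookup when no real secret is available. The `strdup()` result is also unchecked, so an allocation failure leaves `password` NULL while `password_len` is 1; a guard such as `if (user->password == NULL) return -1;` before `return 0;` would close that. The function body starts outside the hunk.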
@@ -29,9 +29,9 @@ if test x_$found_krb5 != x_yes; then ---------------------------------------------------------------------- ]) else - printf "Kerberos found in $krb5dir\n"; + printf "Kerberos found in $krb5dir\n"; KRB5_LIBS="-lgssapi_krb5 -lkrb5"; - KRB5_LDFLAGS="-L$krb5dir/lib"; + KRB5_LDFLAGS="-L$krb5dir/lib"; AC_SUBST(KRB5_CFLAGS) AC_SUBST(KRB5_LDFLAGS) AC_SUBST(KRB5_LIBS) @@ -67,12 +67,38 @@ if test x_$found_eap != x_yes; then ---------------------------------------------------------------------- ]) else - printf "EAP found in $eapdir\n"; - EAP_LIBS="-leap"; - EAP_LDFLAGS="-L$eapdir/eap_example"; + printf "EAP found in $eapdir\n"; + EAP_CFLAGS="$EAP_CFLAGS \ +-DEAP_TLS \ +-DEAP_PEAP \ +-DEAP_TTLS \ +-DEAP_MD5 \ +-DEAP_MSCHAPv2 \ +-DEAP_GTC \ +-DEAP_OTP \ +-DEAP_LEAP \ +-DEAP_PSK \ +-DEAP_PAX \ +-DEAP_SAKE \ +-DEAP_GPSK \ +-DEAP_GPSK_SHA256 \ +-DEAP_SERVER_IDENTITY \ +-DEAP_SERVER_TLS \ +-DEAP_SERVER_PEAP \ +-DEAP_SERVER_TTLS \ +-DEAP_SERVER_MD5 \ +-DEAP_SERVER_MSCHAPV2 \ +-DEAP_SERVER_GTC \ +-DEAP_SERVER_PSK \ +-DEAP_SERVER_PAX \ +-DEAP_SERVER_SAKE \ +-DEAP_SERVER_GPSK \ +-DEAP_SERVER_GPSK_SHA256 \ +-DIEEE8021X_EAPOL"; + EAP_LIBS="-leap -lutils -lcrypto -ltls"; + EAP_LDFLAGS="-L$eapdir/eap_example -L$eapdir/src/utils -L$eapdir/src/crypto -L$eapdir/src/tls"; AC_SUBST(EAP_CFLAGS) AC_SUBST(EAP_LDFLAGS) AC_SUBST(EAP_LIBS) fi ])dnl - diff --git a/acquire_cred_with_password.c b/acquire_cred_with_password.c index e56419e..f86d3ba 100644 --- a/acquire_cred_with_password.c +++ b/acquire_cred_with_password.c 
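Review bot: The new `EAP_CFLAGS` block in the `@@ -67` hunk turns on every method macro at once, including legacy ones such as `-DEAP_MD5`, `-DEAP_SERVER_MD5` and `-DEAP_LEAP`, whenever libeap is found. If these macros gate which methods the mechanism registers (the `#endif /* EAP_SERVER_TNC */` context in eap_mech.c suggests they do), every build picks up methods that are weak or, like EAP-MD5, derive no keying material, without anyone opting in. Consider limiting the default list to what the mechanism actually negotiates (the acceptor hunk in this patch pins `EAP_TYPE_MSCHAPV2`) and moving the rest behind a configure option. If the list has to mirror how libeap itself was built, a comment above it should say so.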
@@ -33,15 +33,15 @@ #include "gssapiP_eap.h" OM_uint32 -gss_acquire_cred_with_password(OM_uint32 *minor, - const gss_name_t desired_name, - const gss_buffer_t password, - OM_uint32 time_req, - const gss_OID_set desired_mechs, - gss_cred_usage_t cred_usage, - gss_cred_id_t *output_cred_handle, - gss_OID_set *actual_mechs, - OM_uint32 *time_rec) +gssspi_acquire_cred_with_password(OM_uint32 *minor, + const gss_name_t desired_name, + const gss_buffer_t password, + OM_uint32 time_req, + const gss_OID_set desired_mechs, + gss_cred_usage_t cred_usage, + gss_cred_id_t *output_cred_handle, + gss_OID_set *actual_mechs, + OM_uint32 *time_rec) { return gssEapAcquireCred(minor, desired_name, password, time_req, desired_mechs, cred_usage, diff --git a/duplicate_name.c b/duplicate_name.c index bc95057..6ad33a0 100644 --- a/duplicate_name.c +++ b/duplicate_name.c @@ -41,7 +41,7 @@ gss_duplicate_name(OM_uint32 *minor, krb5_context krbContext; gss_name_t name; - if (name == GSS_C_NO_NAME) { + if (input_name == GSS_C_NO_NAME) { *minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME; } @@ -63,13 +63,18 @@ gss_duplicate_name(OM_uint32 *minor, goto cleanup; } - major = radiusDuplicateAVPs(minor, input_name->avps, &name->avps); - if (GSS_ERROR(major)) - goto cleanup; + if (input_name->avps != NULL) { + major = radiusDuplicateAVPs(minor, input_name->avps, &name->avps); + if (GSS_ERROR(major)) + goto cleanup; + } - major = samlDuplicateAssertion(minor, input_name->assertion, &name->assertion); - if (GSS_ERROR(major)) - goto cleanup; + if (input_name->assertion != NULL) { + major = samlDuplicateAssertion(minor, input_name->assertion, + &name->assertion); + if (GSS_ERROR(major)) + goto cleanup; + } *dest_name = name; diff --git a/eap_mech.c b/eap_mech.c index 5a34fb6..5f977b6 100644 --- a/eap_mech.c +++ b/eap_mech.c @@ -243,6 +243,8 @@ eapServerRegisterMethods(void) if (ret == 0) ret = eap_server_tnc_register(); #endif /* EAP_SERVER_TNC */ + + return ret; } static int 
diff --git a/gssapiP_eap.h b/gssapiP_eap.h index 199048e..2369f47 100644 --- a/gssapiP_eap.h +++ b/gssapiP_eap.h @@ -36,6 +36,8 @@ #include #include #include +#include +#include #include /* GSS includes */ @@ -45,8 +47,6 @@ #include "util.h" /* EAP includes */ -#define IEEE8021X_EAPOL 1 - #include #include #include diff --git a/gssapi_eap.h b/gssapi_eap.h index 5ae5db1..2c8cee0 100644 --- a/gssapi_eap.h +++ b/gssapi_eap.h @@ -51,4 +51,3 @@ extern gss_OID GSS_EAP_NT_PRINCIPAL_NAME; #endif /* __cplusplus */ #endif /* _GSSAPI_EAP_H_ */ - diff --git a/init_sec_context.c b/init_sec_context.c index 3d55ccd..119eb4f 100644 --- a/init_sec_context.c +++ b/init_sec_context.c @@ -353,7 +353,7 @@ eapGssSmInitAuthenticate(OM_uint32 *minor, ctx->flags &= ~(CTX_FLAG_EAP_SUCCESS); ctx->state = EAP_STATE_ESTABLISHED; major = GSS_S_COMPLETE; - } else if (code == 0) { + } else if ((ctx->flags & CTX_FLAG_EAP_FAIL) || code == 0) { major = GSS_S_FAILURE; } diff --git a/mech_eap.exports b/mech_eap.exports index af8079f..f097029 100644 --- a/mech_eap.exports +++ b/mech_eap.exports @@ -1,6 +1,5 @@ gss_accept_sec_context gss_acquire_cred -gss_acquire_cred_with_password gss_add_cred gss_add_cred_with_password gss_canonicalize_name @@ -43,3 +42,4 @@ GSS_EAP_MECHANISM GSS_EAP_AES128_CTS_HMAC_SHA1_96_MECHANISM GSS_EAP_AES256_CTS_HMAC_SHA1_96_MECHANISM GSS_EAP_NT_PRINCIPAL_NAME +gssspi_acquire_cred_with_password diff --git a/release_oid.c b/release_oid.c index 768555d..8d1cbf3 100644 --- a/release_oid.c +++ b/release_oid.c @@ -36,7 +36,6 @@ OM_uint32 gss_internal_release_oid(OM_uint32 *minor, gss_OID *oid) { - OM_uint32 major; gss_OID internalizedOid = GSS_C_NO_OID; if (gssEapInternalizeOid(*oid, &internalizedOid)) { diff --git a/set_cred_option.c b/set_cred_option.c index b75614d..d5c5709 100644 --- a/set_cred_option.c +++ b/set_cred_option.c 
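Review bot: In the init_sec_context.c hunk, the new `CTX_FLAG_EAP_FAIL` test sits in the `else if`, so it is only evaluated when the success branch above it was not taken. The opening condition of that branch is outside the hunk, but if it tests `CTX_FLAG_EAP_SUCCESS`, a context carrying both flags would be marked `EAP_STATE_ESTABLISHED`. To fail closed, check the failure flag first, e.g. `if (ctx->flags & CTX_FLAG_EAP_FAIL) { major = GSS_S_FAILURE; } else if (...)`. As far as the hunk shows, the failure arm neither clears its flag nor sets `*minor`, unlike the success arm; a one-line comment on whether `CTX_FLAG_EAP_FAIL` is meant to persist would help.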
@@ -41,7 +41,7 @@ static struct { OM_uint32 gssspi_set_cred_option(OM_uint32 *minor, - gss_cred_id_t *cred, + gss_cred_id_t cred, const gss_OID desired_object, const gss_buffer_t value) { @@ -50,7 +50,7 @@ gssspi_set_cred_option(OM_uint32 *minor, for (i = 0; i < sizeof(setCredOps) / sizeof(setCredOps[0]); i++) { if (oidEqual(&setCredOps[i].oid, desired_object)) { - major = (*setCredOps[i].setOption)(minor, cred, + major = (*setCredOps[i].setOption)(minor, &cred, desired_object, value); break; } diff --git a/set_name_attribute.c b/set_name_attribute.c index 385ead4..c2b13c3 100644 --- a/set_name_attribute.c +++ b/set_name_attribute.c @@ -39,7 +39,7 @@ gss_set_name_attribute(OM_uint32 *minor, gss_buffer_t attr, gss_buffer_t value) { - OM_uint32 major, tmpMinor; + OM_uint32 major; gss_buffer_desc prefix, suffix; enum gss_eap_attribute_type type; diff --git a/util_cred.c b/util_cred.c index 7e659f6..1377f5e 100644 --- a/util_cred.c +++ b/util_cred.c @@ -38,7 +38,7 @@ gssEapAllocCred(OM_uint32 *minor, gss_cred_id_t *pCred) OM_uint32 tmpMinor; gss_cred_id_t cred; - assert(*pCred == GSS_C_NO_CREDENTIAL); + *pCred = GSS_C_NO_CREDENTIAL; cred = (gss_cred_id_t)GSSEAP_CALLOC(1, sizeof(*cred)); if (cred == NULL) { 
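Review bot: In set_cred_option.c, `cred` is now taken by value (`@@ -41`) while the handler call in `@@ -50` passes `&cred`, which is the address of this function's own parameter copy. A handler that replaces or clears the handle through that pointer changes only the local copy, so the caller is left with a stale or leaked credential. Either change the `setOption` callback type to take `gss_cred_id_t` too, or state the contract at the call: `/* &cred points at a local copy: handlers may modify the credential but must not replace the handle */`. The loop also looks as if it leaves `major` unset when no `setCredOps` entry matches; its declaration is outside the hunk, so confirm it starts out as a failure status.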
@@ -104,11 +104,39 @@ gssEapAcquireCred(OM_uint32 *minor, if (GSS_ERROR(major)) goto cleanup; + switch (credUsage) { + case GSS_C_BOTH: + cred->flags |= CRED_FLAG_INITIATE | CRED_FLAG_ACCEPT; + break; + case GSS_C_INITIATE: + cred->flags |= CRED_FLAG_INITIATE; + break; + case GSS_C_ACCEPT: + cred->flags |= CRED_FLAG_ACCEPT; + break; + default: + major = GSS_S_FAILURE; + goto cleanup; + break; + } + if (desiredName != GSS_C_NO_NAME) { major = gss_duplicate_name(minor, desiredName, &cred->name); if (GSS_ERROR(major)) goto cleanup; } else { + if (cred->flags & CRED_FLAG_INITIATE) { + gss_buffer_desc buf; + + buf.value = getlogin(); /* XXX */ + buf.length = strlen((char *)buf.value); + + major = gss_import_name(&minor, &buf, + GSS_C_NT_USER_NAME, &cred->name); + if (GSS_ERROR(major)) + goto cleanup; + } + cred->flags |= CRED_FLAG_DEFAULT_IDENTITY; } @@ -128,22 +156,6 @@ gssEapAcquireCred(OM_uint32 *minor, if (GSS_ERROR(major)) goto cleanup; - switch (credUsage) { - case GSS_C_BOTH: - cred->flags |= CRED_FLAG_INITIATE | CRED_FLAG_ACCEPT; - break; - case GSS_C_INITIATE: - cred->flags |= CRED_FLAG_INITIATE; - break; - case GSS_C_ACCEPT: - cred->flags |= CRED_FLAG_ACCEPT; - break; - default: - major = GSS_S_FAILURE; - goto cleanup; - break; - } - if (pActualMechs != NULL) { major = duplicateOidSet(minor, cred->mechanisms, pActualMechs); if (GSS_ERROR(major)) diff --git a/util_crypt.c b/util_crypt.c index 207dd81..f35939b 100644 --- a/util_crypt.c +++ b/util_crypt.c @@ -316,7 +316,7 @@ gssEapLocateIov(gss_iov_buffer_desc *iov, int iov_count, OM_uint32 type) } void -gssEapIovMessageLnegth(gss_iov_buffer_desc *iov, +gssEapIovMessageLength(gss_iov_buffer_desc *iov, int iov_count, size_t *data_length_p, size_t *assoc_data_length_p) @@ -394,4 +394,3 @@ gssEapAllocIov(gss_iov_buffer_t iov, size_t size) return 0; } - diff --git a/util_mech.c b/util_mech.c index 2919b34..efeca2d 100644 --- a/util_mech.c +++ b/util_mech.c 
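Review bot: In the new default-identity branch of gssEapAcquireCred (`@@ -104`), `getlogin()` can return NULL, for example when there is no controlling terminal, and the result goes straight into `strlen()`. The same block passes `&minor` to `gss_import_name`, but `minor` is already an `OM_uint32 *` here, so the callee receives an `OM_uint32 **`. `getlogin()` also reports the name tied to the login session rather than the process's effective user, which makes it a weak source for a default initiator identity; the `/* XXX */` suggests this is known, and a lookup keyed on the effective uid would be sturdier. The fence shows the minimal fix for the first two points; the function begins and ends outside the hunk.

```c
        if (cred->flags & CRED_FLAG_INITIATE) {
            gss_buffer_desc buf;
            char *login = getlogin(); /* XXX */

            if (login == NULL) {
                major = GSS_S_FAILURE;
                goto cleanup;
            }

            buf.value = login;
            buf.length = strlen(login);

            major = gss_import_name(minor, &buf,
                                    GSS_C_NT_USER_NAME, &cred->name);
            /* ... unchanged: GSS_ERROR(major) check ... */
        }
```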
@@ -47,18 +47,13 @@ * mechInvoke(5) */ -static gss_OID_desc gssEapMechPrefix = { - /* Note that alone this is not a valid DER encoded OID */ - 11, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x00" -}; - static gss_OID_desc gssEapConcreteMechs[] = { /* 1.3.6.1.4.1.5322.21.1 */ - { 11, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01" }, + { 9, "\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01" }, /* 1.3.6.1.4.1.5322.21.1.17 */ - { 12, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x11" }, + { 10, "\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x11" }, /* 1.3.6.1.4.1.5322.21.1.18 */ - { 12, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x12" } + { 10, "\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x12" } }; gss_OID GSS_EAP_MECHANISM = &gssEapConcreteMechs[0]; @@ -68,9 +63,9 @@ gss_OID GSS_EAP_AES256_CTS_HMAC_SHA1_96_MECHANISM = &gssEapConcreteMechs[2]; int gssEapIsConcreteMechanismOid(const gss_OID oid) { - return oid->length > gssEapMechPrefix.length && - memcmp(oid->elements, gssEapMechPrefix.elements, - gssEapMechPrefix.length) == 0; + return oid->length > GSS_EAP_MECHANISM->length && + memcmp(oid->elements, GSS_EAP_MECHANISM->elements, + GSS_EAP_MECHANISM->length) == 0; } int @@ -112,8 +107,8 @@ gssEapOidToEnctype(OM_uint32 *minor, int suffix; major = decomposeOid(minor, - gssEapMechPrefix.elements, - gssEapMechPrefix.length, + GSS_EAP_MECHANISM->elements, + GSS_EAP_MECHANISM->length, oid, &suffix); if (major == GSS_S_COMPLETE) @@ -138,7 +133,7 @@ gssEapEnctypeToOid(OM_uint32 *minor, return GSS_S_FAILURE; } - oid->elements = GSSEAP_MALLOC(gssEapMechPrefix.length + 1); + oid->elements = GSSEAP_MALLOC(GSS_EAP_MECHANISM->length + 1); if (oid->elements == NULL) { *minor = ENOMEM; free(oid); @@ -146,8 +141,8 @@ gssEapEnctypeToOid(OM_uint32 *minor, } major = composeOid(minor, - gssEapMechPrefix.elements, - gssEapMechPrefix.length, + GSS_EAP_MECHANISM->elements, + GSS_EAP_MECHANISM->length, enctype, oid); if (major == GSS_S_COMPLETE) { diff --git a/util_name.c b/util_name.c index f1655cc..fd47bac 100644 
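Review bot: gssEapIsConcreteMechanismOid (`@@ -68`) reads `oid->length` without checking for `GSS_C_NO_OID` first. Mechanism OIDs supplied by callers may legitimately be absent, so unless every caller filters that case the function should start with the guard, e.g. `return oid != GSS_C_NO_OID && oid->length > GSS_EAP_MECHANISM->length && ...`. It would also help to document that the comparison is strict, so the base OID `GSS_EAP_MECHANISM` itself is not reported as concrete.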
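Review bot: In gssEapEnctypeToOid (`@@ -138`), `GSSEAP_MALLOC(GSS_EAP_MECHANISM->length + 1)` reserves exactly one byte for the enctype arc. composeOid is not visible here, but if it writes the suffix in base-128 form, an `enctype` of 128 or more needs at least two bytes and would run past the allocation. Either size the buffer for the widest encoding composeOid can produce or reject out-of-range enctypes before allocating, and state the bound in a comment at the allocation. The error path just below releases `oid` with plain `free()`; where `oid` is allocated is outside the hunk, but if it comes from the GSSEAP_ wrappers, `GSSEAP_FREE(oid)` would keep the pair consistent.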
--- a/util_name.c +++ b/util_name.c @@ -68,7 +68,7 @@ gssEapAllocName(OM_uint32 *minor, gss_name_t *pName) OM_uint32 tmpMinor; gss_name_t name; - assert(*pName == GSS_C_NO_NAME); + *pName = GSS_C_NO_NAME; name = (gss_name_t)GSSEAP_CALLOC(1, sizeof(*name)); if (name == NULL) { @@ -138,7 +138,9 @@ krbPrincipalToName(OM_uint32 *minor, name->flags |= NAME_FLAG_SERVICE; } + *pName = name; *minor = 0; + return GSS_S_COMPLETE; } diff --git a/util_oid.c b/util_oid.c index af2f08f..903aa35 100644 --- a/util_oid.c +++ b/util_oid.c @@ -72,7 +72,7 @@ duplicateOid(OM_uint32 *minor, return GSS_S_FAILURE; } p->length = oid->length; - p->elements = GSSEAP_MALLCO(p->length); + p->elements = GSSEAP_MALLOC(p->length); if (p->elements == NULL) { GSSEAP_FREE(p); return GSS_S_FAILURE; diff --git a/util_radius.c b/util_radius.c index b463168..f417983 100644 --- a/util_radius.c +++ b/util_radius.c @@ -47,7 +47,9 @@ OM_uint32 radiusFreeAVPs(OM_uint32 *minor, struct eap_gss_avp_list *avps) { - GSSEAP_FREE(avps); + if (avps != NULL) { + GSSEAP_NOT_IMPLEMENTED; + } } OM_uint32 diff --git a/util_saml.c b/util_saml.c index 8113677..c09b30a 100644 --- a/util_saml.c +++ b/util_saml.c @@ -44,7 +44,9 @@ OM_uint32 samlFreeAssertion(OM_uint32 *minor, struct eap_gss_saml_assertion *assertion) { - GSSEAP_NOT_IMPLEMENTED; + if (assertion != NULL) { + GSSEAP_NOT_IMPLEMENTED; + } } OM_uint32 diff --git a/wrap_iov.c b/wrap_iov.c index cb96ef1..f9681fa 100644 --- a/wrap_iov.c +++ b/wrap_iov.c @@ -179,7 +179,7 @@ gssEapWrapOrGetMIC(OM_uint32 *minor, store_uint16_be(ec, outbuf + 4); /* RRC */ store_uint16_be(0, outbuf + 6); - store_64_be(ctx->sendSeq, outbuf + 8); + store_uint64_be(ctx->sendSeq, outbuf + 8); /* * EC | copy of header to be encrypted, located in 
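Review bot: radiusFreeAVPs in util_radius.c is declared to return `OM_uint32` but has no return statement on the `avps == NULL` path after this change, and samlFreeAssertion in util_saml.c has the same shape. Unless `GSSEAP_NOT_IMPLEMENTED` itself returns, callers read an indeterminate status; add `*minor = 0; return GSS_S_COMPLETE;` after the `if` in both functions. Removing `GSSEAP_FREE(avps)` also means a non-NULL list is no longer released, so the stub should carry a comment that the AVP list leaks until a real free is written.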
@@ -261,7 +261,7 @@ gssEapWrapOrGetMIC(OM_uint32 *minor, store_uint16_be(0xFFFF, outbuf + 4); store_uint16_be(0xFFFF, outbuf + 6); } - store_64_be(ctx->sendSeq, outbuf + 8); + store_uint64_be(ctx->sendSeq, outbuf + 8); code = gssEapSign(krbContext, 0, /* 0 == pick from crypto */ rrc, &ctx->rfc3961Key, keyUsage, -- 2.1.4