Merge branch 'master' into tlv-mic
authorLuke Howard <lukeh@padl.com>
Thu, 31 Mar 2011 09:07:15 +0000 (20:07 +1100)
committerLuke Howard <lukeh@padl.com>
Thu, 31 Mar 2011 09:07:15 +0000 (20:07 +1100)
cyrus-sasl
mech_eap/TODO
mech_eap/accept_sec_context.c
mech_eap/util.h
mech_eap/util_krb.c
mech_eap/util_name.c
source_packages

index 7fef9d8..ad4b5d3 160000 (submodule)
@@ -1 +1 @@
-Subproject commit 7fef9d8d7c38f8638bad24de28f5b79251f2c00a
+Subproject commit ad4b5d35ac842254bc6c897735fb932a457529e3
index 205440e..d622364 100644 (file)
@@ -1,3 +1,7 @@
 - integration with initiator-side EAP channel bindings
 - integration with final supplicant architecture
 - test Heimdal port
+
+- fix ABNF: no slash in the case where there is no host
+- specify anonymous behaviour: use empty name
+
index bac9130..0619490 100644 (file)
@@ -72,7 +72,7 @@ acceptReadyEap(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred)
 
     major = gssEapRadiusGetRawAvp(minor, ctx->acceptorCtx.vps,
                                   PW_USER_NAME, 0, &vp);
-    if (major == GSS_S_COMPLETE) {
+    if (major == GSS_S_COMPLETE && vp->length) {
         nameBuf.length = vp->length;
         nameBuf.value = vp->vp_strvalue;
     } else {
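Review bot: The added `vp->length` test sends a zero-length User-Name down the same `else` path as a missing attribute, and that path also takes every other failure of `gssEapRadiusGetRawAvp`. The `else` body lies outside the hunk, so the name it assigns is not visible here. If that branch yields the anonymous name, a peer whose RADIUS attributes carry an empty User-Name is accepted as anonymous rather than rejected. That policy deserves a comment above the condition, e.g. `/* Empty or absent User-Name: fall back to the anonymous (empty) name */`. It is also worth confirming that an error other than attribute-not-found is not meant to fail the context instead.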
index 9478cb6..5c712ea 100644 (file)
@@ -356,9 +356,6 @@ rfc3961ChecksumTypeForKey(OM_uint32 *minor,
                           krb5_keyblock *key,
                           krb5_cksumtype *cksumtype);
 
-krb5_const_principal
-krbAnonymousPrincipal(void);
-
 krb5_error_code
 krbCryptoLength(krb5_context krbContext,
 #ifdef HAVE_HEIMDAL_VERSION
index abc9e61..88ad6dd 100644 (file)
@@ -300,26 +300,6 @@ rfc3961ChecksumTypeForKey(OM_uint32 *minor,
     return GSS_S_COMPLETE;
 }
 
-#ifdef HAVE_HEIMDAL_VERSION
-static heim_general_string krbAnonymousPrincipalComponents[] =
-    { KRB5_WELLKNOWN_NAME, KRB5_ANON_NAME };
-
-static const Principal krbAnonymousPrincipalData = {
-    { KRB5_NT_WELLKNOWN, { 2, krbAnonymousPrincipalComponents } },
-    "WELLKNOWN:ANONYMOUS"
-};
-#endif
-
-krb5_const_principal
-krbAnonymousPrincipal(void)
-{
-#ifdef HAVE_HEIMDAL_VERSION
-    return &krbAnonymousPrincipalData;
-#else
-    return krb5_anonymous_principal();
-#endif
-}
-
 krb5_error_code
 krbCryptoLength(krb5_context krbContext,
 #ifdef HAVE_HEIMDAL_VERSION
index 7950d0b..2922f98 100644 (file)
@@ -226,19 +226,14 @@ importEapNameFlags(OM_uint32 *minor,
     krb5_context krbContext;
     krb5_principal krbPrinc = NULL;
     krb5_error_code code;
+    char *nameString;
 
     GSSEAP_KRB_INIT(&krbContext);
 
     if (nameBuffer == GSS_C_NO_BUFFER) {
-        code = krb5_copy_principal(krbContext,
-                                   krbAnonymousPrincipal(), &krbPrinc);
-        if (code != 0) {
-            *minor = code;
-            return GSS_S_FAILURE;
-        }
+        nameString = "";
+        code = KRB5_PARSE_MALFORMED;
     } else {
-        char *nameString;
-
         major = bufferToString(minor, nameBuffer, &nameString);
         if (GSS_ERROR(major))
             return major;
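Review bot: `nameString = "";` stores a string literal in a non-const `char *` that the next hunk passes to `GSSEAP_FREE` under a repeated `nameBuffer != GSS_C_NO_BUFFER` guard, so the literal stays out of the allocator only while the two conditions are kept in step. Presetting `code = KRB5_PARSE_MALFORMED` serves only to steer the no-name case into the fallback parse and is easy to misread as a real failure. A comment such as `/* No name given: import the empty name through the fallback parse below */` would make the intent explicit. A `const char *` for the string being parsed plus a separate owned pointer initialised to `NULL` would let the free be unconditional. The function starts and ends outside this hunk.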
@@ -251,38 +246,40 @@ importEapNameFlags(OM_uint32 *minor,
          */
         code = krb5_parse_name_flags(krbContext, nameString,
                                      KRB5_PRINCIPAL_PARSE_REQUIRE_REALM, &krbPrinc);
-        if (code == KRB5_PARSE_MALFORMED) {
-            char *defaultRealm = NULL;
-            int parseFlags = 0;
+    }
 
-            /* Possibly append the default EAP realm if required */
-            if (importFlags & IMPORT_FLAG_DEFAULT_REALM)
-                defaultRealm = gssEapGetDefaultRealm(krbContext);
+    if (code == KRB5_PARSE_MALFORMED) {
+        char *defaultRealm = NULL;
+        int parseFlags = 0;
 
-            /* If no default realm, leave the realm empty in the parsed name */
-            if (defaultRealm == NULL || defaultRealm[0] == '\0')
-                parseFlags |= KRB5_PRINCIPAL_PARSE_NO_REALM;
+        /* Possibly append the default EAP realm if required */
+        if (importFlags & IMPORT_FLAG_DEFAULT_REALM)
+            defaultRealm = gssEapGetDefaultRealm(krbContext);
 
-            code = krb5_parse_name_flags(krbContext, nameString, parseFlags, &krbPrinc);
+        /* If no default realm, leave the realm empty in the parsed name */
+        if (defaultRealm == NULL || defaultRealm[0] == '\0')
+            parseFlags |= KRB5_PRINCIPAL_PARSE_NO_REALM;
+
+        code = krb5_parse_name_flags(krbContext, nameString, parseFlags, &krbPrinc);
 
 #ifdef HAVE_HEIMDAL_VERSION
-            if (code == 0 && KRB_PRINC_REALM(krbPrinc) == NULL) {
-                KRB_PRINC_REALM(krbPrinc) = GSSEAP_CALLOC(1, sizeof(char));
-                if (KRB_PRINC_REALM(krbPrinc) == NULL)
-                    code = ENOMEM;
-            }
+        if (code == 0 && KRB_PRINC_REALM(krbPrinc) == NULL) {
+            KRB_PRINC_REALM(krbPrinc) = GSSEAP_CALLOC(1, sizeof(char));
+            if (KRB_PRINC_REALM(krbPrinc) == NULL)
+                code = ENOMEM;
+        }
 #endif
 
-            if (defaultRealm != NULL)
-                GSSEAP_FREE(defaultRealm);
-        }
+        if (defaultRealm != NULL)
+            GSSEAP_FREE(defaultRealm);
+    }
 
+    if (nameBuffer != GSS_C_NO_BUFFER)
         GSSEAP_FREE(nameString);
 
-        if (code != 0) {
-            *minor = code;
-            return GSS_S_FAILURE;
-        }
+    if (code != 0) {
+        *minor = code;
+        return GSS_S_FAILURE;
     }
 
     assert(krbPrinc != NULL);
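Review bot: When `nameBuffer` is `GSS_C_NO_BUFFER` and `IMPORT_FLAG_DEFAULT_REALM` is set with a non-empty default realm, `parseFlags` stays 0, so the empty name is parsed without `KRB5_PRINCIPAL_PARSE_NO_REALM` and may come back with a realm attached. The `gssEapDisplayName` hunk further down recognises the anonymous name only by `output_name_buffer->length == 0`. If the unparsed form includes the realm (the unparse call is outside the visible lines), such a name would be reported as `GSS_EAP_NT_EAP_NAME` instead of `GSS_C_NT_ANONYMOUS`. Forcing the realm-less parse for the no-name case would keep import and display in agreement: `if (nameBuffer == GSS_C_NO_BUFFER || defaultRealm == NULL || defaultRealm[0] == '\0')`.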
@@ -736,9 +733,7 @@ gssEapDisplayName(OM_uint32 *minor,
 
     krb5_free_unparsed_name(krbContext, krbName);
 
-    if (KRB_PRINC_TYPE(name->krbPrincipal) == KRB5_NT_WELLKNOWN &&
-        krb5_principal_compare(krbContext,
-                               name->krbPrincipal, krbAnonymousPrincipal())) {
+    if (output_name_buffer->length == 0) {
         name_type = GSS_C_NT_ANONYMOUS;
     } else {
         name_type = GSS_EAP_NT_EAP_NAME;
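Review bot: The anonymous test here is now a property of the display string rather than of the principal, so any name whose unparsed form is empty is typed `GSS_C_NT_ANONYMOUS`, and nothing in the code states that convention. A comment above the condition would record it, e.g. `/* The anonymous name is represented by the empty string */`. The code that fills `output_name_buffer` sits above the hunk.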
index 39ee29e..8a841bd 100644 (file)
@@ -9,3 +9,4 @@ libradsec/lib
 libeap
 jansson
 mech_eap
+#cyrus-sasl