Use anonymous name if we have not initiator identity
authorLuke Howard <lukeh@padl.com>
Wed, 2 Mar 2011 02:42:34 +0000 (13:42 +1100)
committerLuke Howard <lukeh@padl.com>
Wed, 2 Mar 2011 02:42:34 +0000 (13:42 +1100)
mech_eap/accept_sec_context.c

index e35ce5f..f686a3c 100644 (file)
@@ -74,7 +74,9 @@ acceptReadyEap(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred)
         ctx->gssFlags |= GSS_C_ANON_FLAG;
     }
 
-    major = gssEapImportName(minor, &nameBuf, GSS_C_NT_USER_NAME,
+    major = gssEapImportName(minor, &nameBuf,
+                             (ctx->gssFlags & GSS_C_ANON_FLAG) ?
+                                GSS_C_NT_ANONYMOUS : GSS_C_NT_USER_NAME,
                              &ctx->initiatorName);
     if (GSS_ERROR(major))
         return major;
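Review bot: The name type passed to `gssEapImportName` is chosen from `ctx->gssFlags & GSS_C_ANON_FLAG`, not from the condition that actually left `nameBuf` without an identity. The only setter visible here is the `ctx->gssFlags |= GSS_C_ANON_FLAG;` line just above, but if the flag can already be set on the context before this point, a populated `nameBuf` would be imported as `GSS_C_NT_ANONYMOUS` and the acceptor would drop the authenticated initiator name. Keying the choice on the buffer itself would tie it to the data being imported, for example `nameBuf.length == 0 ? GSS_C_NT_ANONYMOUS : GSS_C_NT_USER_NAME`, assuming `nameBuf` is left empty on the no-identity path. A short comment such as `/* no identity attribute from the EAP server: expose the initiator as anonymous */` would also help, since callers making authorization decisions need to know this name can be anonymous. The body of `acceptReadyEap` starts and ends outside the hunk, so the earlier flag handling could not be checked.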
@@ -630,6 +632,9 @@ gss_accept_sec_context(OM_uint32 *minor,
     output_token->length = 0;
     output_token->value = NULL;
 
+    if (src_name != NULL)
+        *src_name = GSS_C_NO_NAME;
+
     if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) {
         *minor = GSSEAP_TOK_TRUNC;
         return GSS_S_DEFECTIVE_TOKEN;
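Review bot: Resetting `*src_name` before the first early return is the right defensive step, but the hunk shows it only for `src_name` and `output_token`. The other optional outputs of `gss_accept_sec_context` (`mech_type`, `ret_flags`, `time_rec`, `delegated_cred_handle`) may still hold caller garbage on the `GSS_S_DEFECTIVE_TOKEN` path, unless they are cleared outside the visible lines. A stale `delegated_cred_handle` is the risky one, because callers often release it unconditionally on failure; if it is not already handled, add `if (delegated_cred_handle != NULL) *delegated_cred_handle = GSS_C_NO_CREDENTIAL;` next to the new lines. A one-line comment, `/* ensure outputs are defined on every error return */`, would record why the reset sits ahead of the token check. The function body continues outside the hunk.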