Merge branch 'master' into tlv-mic
authorLuke Howard <lukeh@padl.com>
Wed, 27 Apr 2011 14:43:03 +0000 (16:43 +0200)
committerLuke Howard <lukeh@padl.com>
Wed, 27 Apr 2011 14:43:03 +0000 (16:43 +0200)
Conflicts:
moonshot/mech_eap/authorize_localname.c

moonshot/autogen.sh [moved from moonshot/mech_eap/autogen.sh with 100% similarity]
moonshot/configure.ac
moonshot/libeap
moonshot/mech_eap/Makefile.am
moonshot/mech_eap/authorize_localname.c [new file with mode: 0644]

index 4bbffd5..5ab930c 100644 (file)
@@ -1,7 +1,8 @@
 AC_PREREQ([2.61])
 AC_INIT([mech_eap], [0.1], [bugs@project-moonshot.org])
 dnl AC_CONFIG_MACRO_DIR([m4])
-AM_INIT_AUTOMAKE([silent-rules])
+dnl AM_INIT_AUTOMAKE([silent-rules])
+AM_INIT_AUTOMAKE
 LT_PREREQ([2.2])
 LT_INIT([dlopen disable-static])
 
index 13e043b..c6c1392 160000 (submodule)
@@ -1 +1 @@
-Subproject commit 13e043b06fb487b4a312e93b08388eaa280a278a
+Subproject commit c6c13928e5304a63d4bf1b6960caa1104f674579
index 93f51f1..e7e5f9f 100644 (file)
@@ -17,12 +17,13 @@ mech_eap_la_CXXFLAGS = -Werror -Wall -Wunused-parameter \
                        @SHIBRESOLVER_CXXFLAGS@ @SHIBSP_CXXFLAGS@ @TARGET_CFLAGS@ $(EAP_CFLAGS)
 mech_eap_la_LDFLAGS  = -avoid-version -module \
                        -export-symbols mech_eap.exports -no-undefined \
-                       @EAP_LDFLAGS@ @RADSEC_LDFLAGS@ @TARGET_LDFLAGS@
+                       @RADSEC_LDFLAGS@ @TARGET_LDFLAGS@
 mech_eap_la_LIBADD   = @KRB5_LIBS@ ../libeap/libeap.la @RADSEC_LIBS@ \
                       @SHIBRESOLVER_LIBS@ @SHIBSP_LIBS@ @JANSSON_LIBS@
 
 mech_eap_la_SOURCES =                          \
        accept_sec_context.c                    \
+       authorize_localname.c                   \
        acquire_cred.c                          \
        acquire_cred_with_password.c            \
        add_cred.c                              \
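Review bot: The module is linked with `-export-symbols mech_eap.exports`, so adding `authorize_localname.c` to `mech_eap_la_SOURCES` does not by itself make `gssspi_authorize_localname` visible to the mechglue, and `mech_eap.exports` is not among the files this page lists as changed. If the symbol is missing from that file, the mechglue would presumably treat the mechanism as not implementing the call, which is the name-comparison fallback the new file's comment sets out to avoid; since this is a merge, the entry may already exist on one side, so it is worth confirming on the merged tree. As a smaller style point, the visible entries of the list are alphabetical and the new one is inserted between `accept_sec_context.c` and `acquire_cred.c`; it would sort after the `add_*` entries.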
diff --git a/moonshot/mech_eap/authorize_localname.c b/moonshot/mech_eap/authorize_localname.c
new file mode 100644 (file)
index 0000000..ef5788e
--- /dev/null
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2011, JANET(UK)
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of JANET(UK) nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Local authorization services.
+ */
+
+#include "gssapiP_eap.h"
+
+OM_uint32
+gssspi_authorize_localname(OM_uint32 *minor,
+                           const gss_name_t name GSSEAP_UNUSED,
+                           gss_const_buffer_t local_user GSSEAP_UNUSED,
+                           gss_const_OID local_nametype GSSEAP_UNUSED)
+{
+    /*
+     * The MIT mechglue will fallback to comparing names in the absence
+     * of a mechanism implementation of gss_userok. To avoid this and
+     * force the mechglue to use attribute-based authorization, always
+     * return access denied here.
+     */
+
+    *minor = 0;
+    return GSS_S_UNAUTHORIZED;
+}
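Review bot: The block comment inside `gssspi_authorize_localname` justifies the behaviour in terms of `gss_userok`, but nothing in the file says how that call relates to the entry point defined here; the comment should name the SPI this function backs, and "fallback" should read "fall back". A header comment on the function would also help, stating that all three arguments are ignored (they are marked `GSSEAP_UNUSED`), that `*minor` is set to 0, and that the result is always `GSS_S_UNAUTHORIZED`. It should spell out the operational consequence as well: local-name authorization for this mechanism then rests entirely on attribute-based authorization in the mechglue, so a deployment that supplies no usable attribute is denied rather than matched by name. That is a fail-closed choice, but how the mechglue reacts to this return code is not visible on this page, so a test against the targeted MIT version that asserts no name comparison takes place would pin the intent.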