From: Luke Howard Date: Fri, 18 Mar 2011 06:42:11 +0000 (+1100) Subject: derive anonymous identity directly from realm X-Git-Tag: tr-beta1~309 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=moonshot.git;a=commitdiff_plain;h=79ec7337b1a5014f49fd10df8f15c988e807dfc6 derive anonymous identity directly from realm this avoids any escaping errors
---
diff --git a/mech_eap/init_sec_context.c b/mech_eap/init_sec_context.c
index 6694756..3194f99 100644
--- a/mech_eap/init_sec_context.c
+++ b/mech_eap/init_sec_context.c
@@ -203,8 +203,7 @@ peerConfigInit(OM_uint32 *minor,
 krb5_context krbContext;
 struct eap_peer_config *eapPeerConfig = &ctx->initiatorCtx.eapPeerConfig;
 gss_buffer_desc identity = GSS_C_EMPTY_BUFFER;
- gss_buffer_desc anonymousIdentity = GSS_C_EMPTY_BUFFER;
- ssize_t i;
+ gss_buffer_desc realm = GSS_C_EMPTY_BUFFER;
 eapPeerConfig->identity = NULL;
 eapPeerConfig->identity_len = 0;
@@ -229,29 +228,29 @@ peerConfigInit(OM_uint32 *minor,
 return GSS_S_BAD_NAME;
 }
+ /* identity */
 major = gssEapDisplayName(minor, cred->name, &identity, NULL);
 if (GSS_ERROR(major))
 return major;
- assert(identity.length > 0);
+ eapPeerConfig->identity = (unsigned char *)identity.value;
+ eapPeerConfig->identity_len = identity.length;
- for (i = identity.length - 1; i >= 0; i--) {
- unsigned char *p = (unsigned char *)identity.value + i;
+ krbPrincRealmToGssBuffer(cred->name->krbPrincipal, &realm);
- if (*p == '@') {
- anonymousIdentity.length = identity.length - i;
- anonymousIdentity.value = p;
- break;
- }
+ /* anonymous_identity */
+ eapPeerConfig->anonymous_identity = GSSEAP_MALLOC(realm.length + 2);
+ if (eapPeerConfig->anonymous_identity == NULL) {
+ *minor = ENOMEM;
+ return GSS_S_FAILURE;
 }
- if (anonymousIdentity.length == 0)
- anonymousIdentity.value = "";
+ eapPeerConfig->anonymous_identity[0] = '@';
+ memcpy(eapPeerConfig->anonymous_identity + 1, realm.value, realm.length);
+ eapPeerConfig->anonymous_identity[1 + realm.length] = '\0';
+ eapPeerConfig->anonymous_identity_len = 1 + realm.length;
- eapPeerConfig->identity = (unsigned char *)identity.value;
- eapPeerConfig->identity_len = identity.length;
- eapPeerConfig->anonymous_identity = (unsigned char *)anonymousIdentity.value;
- eapPeerConfig->anonymous_identity_len = anonymousIdentity.length;
+ /* password */
 eapPeerConfig->password = (unsigned char *)cred->password.value;
 eapPeerConfig->password_len = cred->password.length;
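Review bot: The anonymous-identity code added after the `krbPrincRealmToGssBuffer(...)` call has no guard for an empty realm: with `realm.length == 0` it builds the bare string `@`, where the removed loop left the anonymous identity empty when no `@` was found, and it passes a `realm.value` that may be NULL to `memcpy`. Whether the helper can hand back an empty buffer is not visible in this hunk, so either reject it right after the call, for example `if (realm.length == 0) return GSS_S_BAD_NAME;` with `*minor` set the way the earlier GSS_S_BAD_NAME return does, or add a comment recording that a non-empty realm is guaranteed. The section comment could also state the new ownership, e.g. `/* anonymous_identity: "@" + realm, heap-allocated, released in peerConfigFree */`. peerConfigInit begins and ends outside this hunk.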
@@ -265,7 +264,17 @@ peerConfigFree(OM_uint32 *minor,
 {
 struct eap_peer_config *eapPeerConfig = &ctx->initiatorCtx.eapPeerConfig;
- GSSEAP_FREE(eapPeerConfig->identity);
+ if (eapPeerConfig->identity != NULL) {
+ GSSEAP_FREE(eapPeerConfig->identity);
+ eapPeerConfig->identity = NULL;
+ eapPeerConfig->identity_len = 0;
+ }
+
+ if (eapPeerConfig->anonymous_identity != NULL) {
+ GSSEAP_FREE(eapPeerConfig->anonymous_identity);
+ eapPeerConfig->anonymous_identity = NULL;
+ eapPeerConfig->anonymous_identity_len = 0;
+ }
 *minor = 0;
 return GSS_S_COMPLETE;
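Review bot: The new `GSSEAP_FREE(eapPeerConfig->anonymous_identity)` is only safe if that field is NULL whenever peerConfigInit returns before its GSSEAP_MALLOC, and both the GSS_S_BAD_NAME return and the gssEapDisplayName failure come earlier than the allocation. The first hunk's context shows only `identity` and `identity_len` being reset at the top of peerConfigInit; if `anonymous_identity` is not cleared alongside them (those lines are outside the visible hunks), add `eapPeerConfig->anonymous_identity = NULL;` and `eapPeerConfig->anonymous_identity_len = 0;` there. The same reset point is where a second peerConfigInit call without an intervening peerConfigFree would drop the previous allocation, so a one-line comment stating that init and free must be paired would help. peerConfigFree's signature and closing brace lie outside this hunk.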