From 529d2a8eff4ac2a9f74754b8215169b90953a5b0 Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Fri, 18 Mar 2011 17:13:37 +1100
Subject: [PATCH] Revert "Don't include @ symbol in realmless names, to conform with draft-ietf-abfab-gss-eap"

This reverts commit 6334d087058e30c9fb8686fd307b9c84323f2a4d.
---
 mech_eap/init_sec_context.c | 44 +++++++++++++++++---------------------------
 mech_eap/util_name.c | 16 +---------------
 2 files changed, 18 insertions(+), 42 deletions(-)

diff --git a/mech_eap/init_sec_context.c b/mech_eap/init_sec_context.c
index 6694756..a731833 100644
--- a/mech_eap/init_sec_context.c
+++ b/mech_eap/init_sec_context.c
@@ -199,17 +199,13 @@ peerConfigInit(OM_uint32 *minor,
 gss_cred_id_t cred,
 gss_ctx_id_t ctx)
 {
- OM_uint32 major;
 krb5_context krbContext;
 struct eap_peer_config *eapPeerConfig = &ctx->initiatorCtx.eapPeerConfig;
- gss_buffer_desc identity = GSS_C_EMPTY_BUFFER;
- gss_buffer_desc anonymousIdentity = GSS_C_EMPTY_BUFFER;
- ssize_t i;
+ krb5_error_code code;
+ char *identity, *anonymousIdentity;
 
 eapPeerConfig->identity = NULL;
 eapPeerConfig->identity_len = 0;
- eapPeerConfig->anonymous_identity = NULL;
- eapPeerConfig->anonymous_identity_len = 0;
 eapPeerConfig->password = NULL;
 eapPeerConfig->password_len = 0;
 
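Review bot: The new declarations `char *identity, *anonymousIdentity;` carry no ownership note, although the two pointers end up with very different lifetimes: `identity` is stored into `eapPeerConfig->identity` and, per the peerConfigFree hunk, released with krb5_free_unparsed_name, while `anonymousIdentity` is either a pointer into that same buffer or a string literal and must never be freed. A comment on the declaration line would save the next maintainer from freeing the wrong one, e.g. `/* identity: krb5_unparse_name allocation, released by peerConfigFree; anonymousIdentity: alias into it or a literal, never freed */`. peerConfigInit's signature starts above this hunk and its body continues in the next one.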
@@ -229,29 +225,20 @@ peerConfigInit(OM_uint32 *minor,
 return GSS_S_BAD_NAME;
 }
 
- major = gssEapDisplayName(minor, cred->name, &identity, NULL);
- if (GSS_ERROR(major))
- return major;
-
- assert(identity.length > 0);
-
- for (i = identity.length - 1; i >= 0; i--) {
- unsigned char *p = (unsigned char *)identity.value + i;
-
- if (*p == '@') {
- anonymousIdentity.length = identity.length - i;
- anonymousIdentity.value = p;
- break;
- }
+ code = krb5_unparse_name(krbContext, cred->name->krbPrincipal, &identity);
+ if (code != 0) {
+ *minor = code;
+ return GSS_S_FAILURE;
 }
 
- if (anonymousIdentity.length == 0)
- anonymousIdentity.value = "";
+ anonymousIdentity = strchr(identity, '@');
+ if (anonymousIdentity == NULL)
+ anonymousIdentity = "";
 
- eapPeerConfig->identity = (unsigned char *)identity.value;
- eapPeerConfig->identity_len = identity.length;
- eapPeerConfig->anonymous_identity = (unsigned char *)anonymousIdentity.value;
- eapPeerConfig->anonymous_identity_len = anonymousIdentity.length;
+ eapPeerConfig->identity = (unsigned char *)identity;
+ eapPeerConfig->identity_len = strlen(identity);
+ eapPeerConfig->anonymous_identity = (unsigned char *)anonymousIdentity;
+ eapPeerConfig->anonymous_identity_len = strlen(anonymousIdentity);
 
 eapPeerConfig->password = (unsigned char *)cred->password.value;
 eapPeerConfig->password_len = cred->password.length;
@@ -263,9 +250,12 @@ static OM_uint32
 peerConfigFree(OM_uint32 *minor,
 gss_ctx_id_t ctx)
 {
+ krb5_context krbContext;
 struct eap_peer_config *eapPeerConfig = &ctx->initiatorCtx.eapPeerConfig;
 
- GSSEAP_FREE(eapPeerConfig->identity);
+ GSSEAP_KRB_INIT(&krbContext);
+
+ krb5_free_unparsed_name(krbContext, (char *)eapPeerConfig->identity);
 
 *minor = 0;
 return GSS_S_COMPLETE;
diff --git a/mech_eap/util_name.c b/mech_eap/util_name.c
index c11c5bf..e52bb4e 100644
--- a/mech_eap/util_name.c
+++ b/mech_eap/util_name.c
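Review bot: `anonymousIdentity = strchr(identity, '@')` takes the first '@' in the unparsed principal, but krb5_unparse_name backslash-escapes any '@' that occurs inside a principal component, so for a name whose first component contains an '@' the split lands on the escaped character and part of the user's component is carried into `anonymous_identity`, which presumably is the identity sent unprotected in the outer EAP exchange. The realm separator is the single unescaped '@' in the string, so the scan should skip an '@' preceded by a backslash, or better derive the suffix from the principal's realm component instead of re-parsing the rendered string; a comment such as `/* realm separator is the only unescaped '@'; escaped '@' may appear inside components */` would at least record the assumption. This is inherited from the code being restored rather than introduced here, but the revert is the moment to fix it. peerConfigInit's closing brace is outside the hunk.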
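Review bot: After `krb5_free_unparsed_name(krbContext, (char *)eapPeerConfig->identity)` the struct still holds the freed address in `identity`, and `anonymous_identity`, which peerConfigInit points into the same buffer via strchr, dangles as well; nothing on the new side resets either pointer or the lengths, so a second peerConfigFree or any later read of the config touches freed memory. Add `eapPeerConfig->identity = NULL; eapPeerConfig->identity_len = 0;` after the free and do the same for `anonymous_identity` / `anonymous_identity_len`. Whether GSSEAP_KRB_INIT can fail and return early is not visible here; if it can, the free is skipped silently and that deserves a comment. peerConfigFree's closing brace lies outside the hunk.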
@@ -689,7 +689,6 @@ gssEapDisplayName(OM_uint32 *minor,
 krb5_context krbContext;
 char *krbName;
 gss_OID name_type;
- int flags = 0;
 
 GSSEAP_KRB_INIT(&krbContext);
 
@@ -701,20 +700,7 @@ gssEapDisplayName(OM_uint32 *minor,
 return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
 }
 
- /*
- * According to draft-ietf-abfab-gss-eap-01, when the realm is
- * absent the trailing '@' is not included.
- */
-#ifdef HAVE_HEIMDAL_VERSION
- if (KRB_PRINC_REALM(name->krbPrincipal) == NULL ||
- KRB_PRINC_REALM(name->krBPrincipal)[0] == '\0')
-#else
- if (KRB_PRINC_REALM(name->krbPrincipal)->length == 0)
-#endif
- flags |= KRB5_PRINCIPAL_UNPARSE_NO_REALM;
-
- *minor = krb5_unparse_name_flags(krbContext, name->krbPrincipal,
- flags, &krbName);
+ *minor = krb5_unparse_name(krbContext, name->krbPrincipal, &krbName);
 if (*minor != 0) {
 return GSS_S_FAILURE;
 }
-- 2.1.4
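Review bot: With the realm-handling comment gone, nothing at `*minor = krb5_unparse_name(krbContext, name->krbPrincipal, &krbName);` records that a principal with an empty realm is now rendered with a trailing '@', which is exactly the display form the reverted commit had suppressed, and the revert message gives no rationale. A one-line comment would keep the next reader from re-applying the draft behaviour by accident: `/* realm is always appended, so a realmless principal displays as "name@" (draft-ietf-abfab-gss-eap-01 handling reverted) */`. gssEapDisplayName starts above this hunk and continues past it.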