~hartmans/moonshot/mech_eap-debian-dep-fix


Viewing changes to mech_eap/util_cred.c

  • Committer: Sam Hartman
  • Date: 2013-09-27 12:52:03 UTC
  • mfrom: (1.10.131)
  • Revision ID: git-v1:b2002998eebfaec7e080c64b7c583150478dfaa4
Merge branch 'master' into debian

Conflicts:
        libeap/Makefile.am

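--- a/mech_eap/util_cred.c
+++ b/mech_eap/util_cred.c
@@ -104,6 +104,8 @@
     gss_release_buffer(&tmpMinor, &cred->caCertificate);
     gss_release_buffer(&tmpMinor, &cred->subjectNameConstraint);
     gss_release_buffer(&tmpMinor, &cred->subjectAltNameConstraint);
+    gss_release_buffer(&tmpMinor, &cred->clientCertificate);
+    gss_release_buffer(&tmpMinor, &cred->privateKey);
 
 #ifdef GSSEAP_ENABLE_REAUTH
     if (cred->krbCredCache != NULL) {
@@ -536,6 +538,68 @@
     return major;
 }
 
+/*
+ * Currently only the privateKey path is exposed to the application
+ * (via gss_set_cred_option() or the third line in ~/.gss_eap_id).
+ * At some point in the future we may add support for setting the
+ * client certificate separately.
+ */
+OM_uint32
+gssEapSetCredClientCertificate(OM_uint32 *minor,
+                              gss_cred_id_t cred,
+                              const gss_buffer_t clientCert,
+                              const gss_buffer_t privateKey)
+{
+    OM_uint32 major, tmpMinor;
+    gss_buffer_desc newClientCert = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc newPrivateKey = GSS_C_EMPTY_BUFFER;
+
+    if (cred->flags & CRED_FLAG_RESOLVED) {
+        major = GSS_S_FAILURE;
+        *minor = GSSEAP_CRED_RESOLVED;
+        goto cleanup;
+    }
+
+    if (clientCert == GSS_C_NO_BUFFER &&
+        privateKey == GSS_C_NO_BUFFER) {
+        cred->flags &= ~(CRED_FLAG_CERTIFICATE);
+        major = GSS_S_COMPLETE;
+        *minor = 0;
+        goto cleanup;
+    }
+
+    if (clientCert != GSS_C_NO_BUFFER) {
+        major = duplicateBuffer(minor, clientCert, &newClientCert);
+        if (GSS_ERROR(major))
+            goto cleanup;
+    }
+
+    if (privateKey != GSS_C_NO_BUFFER) {
+        major = duplicateBuffer(minor, privateKey, &newPrivateKey);
+        if (GSS_ERROR(major))
+            goto cleanup;
+    }
+
+    cred->flags |= CRED_FLAG_CERTIFICATE;
+
+    gss_release_buffer(&tmpMinor, &cred->clientCertificate);
+    cred->clientCertificate = newClientCert;
+
+    gss_release_buffer(&tmpMinor, &cred->privateKey);
+    cred->privateKey = newPrivateKey;
+
+    major = GSS_S_COMPLETE;
+    *minor = 0;
+
+cleanup:
+    if (GSS_ERROR(major)) {
+        gss_release_buffer(&tmpMinor, &newClientCert);
+        gss_release_buffer(&tmpMinor, &newPrivateKey);
+    }
+
+    return major;
+}
+
 OM_uint32
 gssEapSetCredService(OM_uint32 *minor,
                      gss_cred_id_t cred,
@@ -620,6 +684,10 @@
         duplicateBufferOrCleanup(&src->subjectNameConstraint, &dst->subjectNameConstraint);
     if (src->subjectAltNameConstraint.value != NULL)
         duplicateBufferOrCleanup(&src->subjectAltNameConstraint, &dst->subjectAltNameConstraint);
+    if (src->clientCertificate.value != NULL)
+        duplicateBufferOrCleanup(&src->clientCertificate, &dst->clientCertificate);
+    if (src->privateKey.value != NULL)
+        duplicateBufferOrCleanup(&src->privateKey, &dst->privateKey);
 
 #ifdef GSSEAP_ENABLE_REAUTH
     /* XXX krbCredCache, reauthCred */
@@ -736,7 +804,8 @@
             goto cleanup;
 
         /* If we have a caller-supplied password, the credential is resolved. */
-        if ((resolvedCred->flags & CRED_FLAG_PASSWORD) == 0) {
+        if ((resolvedCred->flags &
+             (CRED_FLAG_PASSWORD | CRED_FLAG_CERTIFICATE)) == 0) {
             major = GSS_S_CRED_UNAVAIL;
             *minor = GSSEAP_NO_DEFAULT_CRED;
             goto cleanup;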
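Review bot: `cred->flags |= CRED_FLAG_CERTIFICATE;` in gssEapSetCredClientCertificate runs whenever either argument is non-NULL, so a call that supplies only `clientCert` still marks the credential as certificate-bearing while `cred->privateKey` is replaced with an empty buffer; buffer lengths are not checked either. The last hunk then accepts that flag in place of a password when resolving the credential, so such a credential would presumably pass the GSS_S_CRED_UNAVAIL / GSSEAP_NO_DEFAULT_CRED check and fail only later in the exchange. If a certificate without key material is never usable (the function comment says only the private key path is exposed today), tie the flag to the duplicated key, e.g. `if (newPrivateKey.length != 0) cred->flags |= CRED_FLAG_CERTIFICATE; else cred->flags &= ~(CRED_FLAG_CERTIFICATE);`. The comment above the changed test is now stale and should read `/* If we have a caller-supplied password or certificate, the credential is resolved. */`. The function containing that last test starts and ends outside the visible lines.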