104
104
gss_release_buffer(&tmpMinor, &cred->caCertificate);
105
105
gss_release_buffer(&tmpMinor, &cred->subjectNameConstraint);
106
106
gss_release_buffer(&tmpMinor, &cred->subjectAltNameConstraint);
107
gss_release_buffer(&tmpMinor, &cred->clientCertificate);
108
gss_release_buffer(&tmpMinor, &cred->privateKey);
108
110
#ifdef GSSEAP_ENABLE_REAUTH
109
111
if (cred->krbCredCache != NULL) {
542
* Currently only the privateKey path is exposed to the application
543
* (via gss_set_cred_option() or the third line in ~/.gss_eap_id).
544
* At some point in the future we may add support for setting the
545
* client certificate separately.
548
gssEapSetCredClientCertificate(OM_uint32 *minor,
550
const gss_buffer_t clientCert,
551
const gss_buffer_t privateKey)
553
OM_uint32 major, tmpMinor;
554
gss_buffer_desc newClientCert = GSS_C_EMPTY_BUFFER;
555
gss_buffer_desc newPrivateKey = GSS_C_EMPTY_BUFFER;
557
if (cred->flags & CRED_FLAG_RESOLVED) {
558
major = GSS_S_FAILURE;
559
*minor = GSSEAP_CRED_RESOLVED;
563
if (clientCert == GSS_C_NO_BUFFER &&
564
privateKey == GSS_C_NO_BUFFER) {
565
cred->flags &= ~(CRED_FLAG_CERTIFICATE);
566
major = GSS_S_COMPLETE;
571
if (clientCert != GSS_C_NO_BUFFER) {
572
major = duplicateBuffer(minor, clientCert, &newClientCert);
573
if (GSS_ERROR(major))
577
if (privateKey != GSS_C_NO_BUFFER) {
578
major = duplicateBuffer(minor, privateKey, &newPrivateKey);
579
if (GSS_ERROR(major))
583
cred->flags |= CRED_FLAG_CERTIFICATE;
585
gss_release_buffer(&tmpMinor, &cred->clientCertificate);
586
cred->clientCertificate = newClientCert;
588
gss_release_buffer(&tmpMinor, &cred->privateKey);
589
cred->privateKey = newPrivateKey;
591
major = GSS_S_COMPLETE;
595
if (GSS_ERROR(major)) {
596
gss_release_buffer(&tmpMinor, &newClientCert);
597
gss_release_buffer(&tmpMinor, &newPrivateKey);
540
604
gssEapSetCredService(OM_uint32 *minor,
541
605
gss_cred_id_t cred,
620
684
duplicateBufferOrCleanup(&src->subjectNameConstraint, &dst->subjectNameConstraint);
621
685
if (src->subjectAltNameConstraint.value != NULL)
622
686
duplicateBufferOrCleanup(&src->subjectAltNameConstraint, &dst->subjectAltNameConstraint);
687
if (src->clientCertificate.value != NULL)
688
duplicateBufferOrCleanup(&src->clientCertificate, &dst->clientCertificate);
689
if (src->privateKey.value != NULL)
690
duplicateBufferOrCleanup(&src->privateKey, &dst->privateKey);
624
692
#ifdef GSSEAP_ENABLE_REAUTH
625
693
/* XXX krbCredCache, reauthCred */
738
806
/* If we have a caller-supplied password, the credential is resolved. */
739
if ((resolvedCred->flags & CRED_FLAG_PASSWORD) == 0) {
807
if ((resolvedCred->flags &
808
(CRED_FLAG_PASSWORD | CRED_FLAG_CERTIFICATE)) == 0) {
740
809
major = GSS_S_CRED_UNAVAIL;
741
810
*minor = GSSEAP_NO_DEFAULT_CRED;
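Review bot: In gssEapSetCredClientCertificate (new lines 583-589) CRED_FLAG_CERTIFICATE is set and both stored buffers are replaced whenever either argument is non-NULL, so a call that passes only clientCert drops a previously stored privateKey, and as far as the visible lines show a zero-length buffer still marks the credential as certificate-backed. Because the last hunk (new lines 807-808) now treats that flag like a caller-supplied password, such a credential would bypass the GSSEAP_NO_DEFAULT_CRED check at new lines 809-810 and most likely fail only later, during authentication. I would reject empty input before duplicating, with a guard such as `if (privateKey != GSS_C_NO_BUFFER && privateKey->length == 0)` that sets a failure status and jumps to cleanup, and state in the header comment whether passing one NULL argument is meant to clear the other field. The comment at new line 806 is also stale after this change and should read `/* If we have a caller-supplied password or certificate, the credential is resolved. */`. Some lines of the function (braces, the cleanup label) are not shown on this page, so the first point should be confirmed against the full file.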