Make reassembled PKCS11 names parseable

The reassembled names used "," as a separator between attributes, when
passed-in values use ":".  This was due to the original submitter being
confused - they weren't intended to be different.

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
index ec6db2d136287eb1ca7982aca5de6aee62656c11..26901986b66025440d82457b021100a2af798e77 100644 (file)
--- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
@@ -2057,23 +2057,23 @@ reassemble_pkcs11_name(PLArenaPool *pool, pkinit_identity_opts *idopts)
     k5_buf_add(&buf, "PKCS11:");
     n = 0;
     if (idopts->p11_module_name != NULL) {
-        k5_buf_add_fmt(&buf, "%smodule_name=%s", n++ ? "," : "",
+        k5_buf_add_fmt(&buf, "%smodule_name=%s", n++ ? ":" : "",
                        idopts->p11_module_name);
     }
     if (idopts->token_label != NULL) {
-        k5_buf_add_fmt(&buf, "%stoken=%s", n++ ? "," : "",
+        k5_buf_add_fmt(&buf, "%stoken=%s", n++ ? ":" : "",
                        idopts->token_label);
     }
     if (idopts->cert_label != NULL) {
-        k5_buf_add_fmt(&buf, "%scertlabel=%s", n++ ? "," : "",
+        k5_buf_add_fmt(&buf, "%scertlabel=%s", n++ ? ":" : "",
                        idopts->cert_label);
     }
     if (idopts->cert_id_string != NULL) {
-        k5_buf_add_fmt(&buf, "%scertid=%s", n++ ? "," : "",
+        k5_buf_add_fmt(&buf, "%scertid=%s", n++ ? ":" : "",
                        idopts->cert_id_string);
     }
     if (idopts->slotid != PK_NOSLOT) {
-        k5_buf_add_fmt(&buf, "%sslotid=%ld", n++ ? "," : "",
+        k5_buf_add_fmt(&buf, "%sslotid=%ld", n++ ? ":" : "",
                        (long)idopts->slotid);
     }
     if (k5_buf_len(&buf) >= 0)

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index ee94f088ccad14fc41521fea3402d16a9096e639..a706911973632955ee65f491e3ce04103365c8ea 100644 (file)
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -4514,23 +4514,23 @@ reassemble_pkcs11_name(pkinit_identity_opts *idopts)
     k5_buf_add(&buf, "PKCS11:");
     n = 0;
     if (idopts->p11_module_name != NULL) {
-        k5_buf_add_fmt(&buf, "%smodule_name=%s", n++ ? "," : "",
+        k5_buf_add_fmt(&buf, "%smodule_name=%s", n++ ? ":" : "",
                        idopts->p11_module_name);
     }
     if (idopts->token_label != NULL) {
-        k5_buf_add_fmt(&buf, "%stoken=%s", n++ ? "," : "",
+        k5_buf_add_fmt(&buf, "%stoken=%s", n++ ? ":" : "",
                        idopts->token_label);
     }
     if (idopts->cert_label != NULL) {
-        k5_buf_add_fmt(&buf, "%scertlabel=%s", n++ ? "," : "",
+        k5_buf_add_fmt(&buf, "%scertlabel=%s", n++ ? ":" : "",
                        idopts->cert_label);
     }
     if (idopts->cert_id_string != NULL) {
-        k5_buf_add_fmt(&buf, "%scertid=%s", n++ ? "," : "",
+        k5_buf_add_fmt(&buf, "%scertid=%s", n++ ? ":" : "",
                        idopts->cert_id_string);
     }
     if (idopts->slotid != PK_NOSLOT) {
-        k5_buf_add_fmt(&buf, "%sslotid=%ld", n++ ? "," : "",
+        k5_buf_add_fmt(&buf, "%sslotid=%ld", n++ ? ":" : "",
                        (long)idopts->slotid);
     }
     if (k5_buf_len(&buf) >= 0)