return GSS_S_CREDENTIALS_EXPIRED if credentials expired
diff --git
a/mech_eap/accept_sec_context.c
b/mech_eap/accept_sec_context.c
index
5829ed9
..
d54ea48
100644
(file)
--- a/
mech_eap/accept_sec_context.c
+++ b/
mech_eap/accept_sec_context.c
@@
-72,7
+72,7
@@
acceptReadyEap(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred)
major = gssEapRadiusGetRawAvp(minor, ctx->acceptorCtx.vps,
PW_USER_NAME, 0, &vp);
major = gssEapRadiusGetRawAvp(minor, ctx->acceptorCtx.vps,
PW_USER_NAME, 0, &vp);
- if (major == GSS_S_COMPLETE) {
+ if (major == GSS_S_COMPLETE
&& vp->length
) {
nameBuf.length = vp->length;
nameBuf.value = vp->vp_strvalue;
} else {
nameBuf.length = vp->length;
nameBuf.value = vp->vp_strvalue;
} else {
@@
-82,6
+82,7
@@
acceptReadyEap(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred)
major = gssEapImportName(minor, &nameBuf,
(ctx->gssFlags & GSS_C_ANON_FLAG) ?
GSS_C_NT_ANONYMOUS : GSS_C_NT_USER_NAME,
major = gssEapImportName(minor, &nameBuf,
(ctx->gssFlags & GSS_C_ANON_FLAG) ?
GSS_C_NT_ANONYMOUS : GSS_C_NT_USER_NAME,
+ ctx->mechanismUsed,
&ctx->initiatorName);
if (GSS_ERROR(major))
return major;
&ctx->initiatorName);
if (GSS_ERROR(major))
return major;
@@
-120,6
+121,11
@@
acceptReadyEap(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred)
if (GSS_ERROR(major))
return major;
if (GSS_ERROR(major))
return major;
+ if (ctx->expiryTime < time(NULL)) {
+ *minor = GSSEAP_CRED_EXPIRED;
+ return GSS_S_CREDENTIALS_EXPIRED;
+ }
+
*minor = 0;
return GSS_S_COMPLETE;
}
*minor = 0;
return GSS_S_COMPLETE;
}
@@
-272,7
+278,7
@@
importInitiatorIdentity(OM_uint32 *minor,
gssEapReleaseName(&tmpMinor, &ctx->initiatorName);
return gssEapImportName(minor, &nameBuf, GSS_C_NT_USER_NAME,
gssEapReleaseName(&tmpMinor, &ctx->initiatorName);
return gssEapImportName(minor, &nameBuf, GSS_C_NT_USER_NAME,
- &ctx->initiatorName);
+
ctx->mechanismUsed,
&ctx->initiatorName);
}
/*
}
/*
@@
-420,7
+426,7
@@
createRadiusHandle(OM_uint32 *minor,
assert(actx->radContext == NULL);
assert(actx->radConn == NULL);
assert(actx->radContext == NULL);
assert(actx->radConn == NULL);
- if (rs_context_create(&actx->radContext
, RS_DICT_FILE
) != 0) {
+ if (rs_context_create(&actx->radContext) != 0) {
*minor = GSSEAP_RADSEC_CONTEXT_FAILURE;
return GSS_S_FAILURE;
}
*minor = GSSEAP_RADSEC_CONTEXT_FAILURE;
return GSS_S_FAILURE;
}
@@
-442,6
+448,11
@@
createRadiusHandle(OM_uint32 *minor,
goto fail;
}
goto fail;
}
+ if (rs_context_init_freeradius_dict(actx->radContext, NULL) != 0) {
+ err = rs_err_ctx_pop(actx->radContext);
+ goto fail;
+ }
+
if (rs_conn_create(actx->radContext, &actx->radConn, configStanza) != 0) {
err = rs_err_conn_pop(actx->radConn);
goto fail;
if (rs_conn_create(actx->radContext, &actx->radConn, configStanza) != 0) {
err = rs_err_conn_pop(actx->radConn);
goto fail;
@@
-870,8
+881,14
@@
gss_accept_sec_context(OM_uint32 *minor,
goto cleanup;
if (mech_type != NULL) {
goto cleanup;
if (mech_type != NULL) {
- if (!gssEapInternalizeOid(ctx->mechanismUsed, mech_type))
- duplicateOid(&tmpMinor, ctx->mechanismUsed, mech_type);
+ OM_uint32 tmpMajor;
+
+ tmpMajor = gssEapCanonicalizeOid(&tmpMinor, ctx->mechanismUsed, 0, mech_type);
+ if (GSS_ERROR(tmpMajor)) {
+ major = tmpMajor;
+ *minor = tmpMinor;
+ goto cleanup;
+ }
}
if (ret_flags != NULL)
*ret_flags = ctx->gssFlags;
}
if (ret_flags != NULL)
*ret_flags = ctx->gssFlags;
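Review bot: The expiry test added in the third hunk of acceptReadyEap (`@@ -120,6 +121,11 @@`), `if (ctx->expiryTime < time(NULL))`, also fires when `ctx->expiryTime` is 0. The code that assigns expiryTime is outside the visible hunks, so this is an inference: if 0 is stored there when no session lifetime was supplied, every such context would now be rejected with GSS_S_CREDENTIALS_EXPIRED instead of being accepted. I would guard the sentinel explicitly, `if (ctx->expiryTime != 0 && ctx->expiryTime < time(NULL)) {`, and add a comment such as `/* expiryTime == 0 means no lifetime was supplied */` once that convention is confirmed against the assignment site.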