- const gss_eap_shib_attr_provider *shib;
- const gss_eap_radius_attr_provider *radius;
- int authenticated, complete, more = -1;
- vector <string> attributeIds(1);
- SimpleAttribute *a;
-
- radius = static_cast<const gss_eap_radius_attr_provider *>(provider);
- shib = static_cast<const gss_eap_shib_attr_provider *>(data);
-
- assert(radius != NULL && shib != NULL);
-
- string attributeName =
- gss_eap_attr_ctx::composeAttributeName(ATTR_TYPE_RADIUS, attribute);
-
- attributeIds.push_back(attributeName);
- a = new SimpleAttribute(attributeIds);
- if (a == NULL)
- return false;
-
- while (more != 0) {
- gss_buffer_desc value = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor;
-
- if (!radius->getAttribute(attribute,
- &authenticated,
- &complete,
- &value,
- NULL,
- &more))
- return false;
-
- string attributeValue((char *)value.value, value.length);
- a->getValues().push_back(attributeValue);
-
- gss_release_buffer(&minor, &value);
+ OM_uint32 major;
+ gss_buffer_desc exportedCtx;
+ unsigned char *p;
+
+ assert(gssCtx->mechanismUsed != GSS_C_NO_OID);
+
+ major = gssEapExportSecContext(minor, gssCtx, &exportedCtx);
+ if (GSS_ERROR(major))
+ return major;
+
+ /*
+ * gss_import_sec_context expects the exported security context token
+ * to be tagged with the mechanism OID; in Heimdal and MIT, this is
+ * done by the mechglue, so if we are subverting the mechglue we need
+ * to add it ourselves.
+ */
+ mechContext->length = 4 + gssCtx->mechanismUsed->length + exportedCtx.length;
+ mechContext->value = p = (unsigned char *)GSSEAP_MALLOC(mechContext->length);
+ if (mechContext->value == NULL) {
+ gss_release_buffer(minor, &exportedCtx);
+ throw std::bad_alloc();