/*
- * Copyright (c) 2010, JANET(UK)
+ * Copyright (c) 2011, JANET(UK)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* SUCH DAMAGE.
*/
+/*
+ * Serialise a security context. On the acceptor, this may be partially
+ * established.
+ */
+
#include "gssapiP_eap.h"
static OM_uint32
char serverBuf[MAXHOSTNAMELEN];
if (ctx->acceptorCtx.radConn != NULL) {
- if (rs_conn_get_current_server(ctx->acceptorCtx.radConn,
- serverBuf, sizeof(serverBuf)) != 0) {
+ if (rs_conn_get_current_peer(ctx->acceptorCtx.radConn,
+ serverBuf, sizeof(serverBuf)) != 0) {
+#if 0
return gssEapRadiusMapError(minor,
rs_err_conn_pop(ctx->acceptorCtx.radConn));
+#else
+ serverBuf[0] = '\0'; /* not implemented yet */
+#endif
}
serverLen = strlen(serverBuf);
}
token->value = GSSEAP_MALLOC(length);
if (token->value == NULL) {
- *minor = ENOMEM;
major = GSS_S_FAILURE;
+ *minor = ENOMEM;
goto cleanup;
}
token->length = length;
assert(p == (unsigned char *)token->value + token->length);
+ major = GSS_S_COMPLETE;
+ *minor = 0;
+
cleanup:
if (GSS_ERROR(major))
gss_release_buffer(&tmpMinor, token);
return major;
}
-static OM_uint32
+OM_uint32
gssEapExportSecContext(OM_uint32 *minor,
gss_ctx_id_t ctx,
- gss_buffer_t token)
+ gss_buffer_t token,
+ OM_uint32 flags)
{
OM_uint32 major, tmpMinor;
size_t length;
unsigned char *p;
if ((CTX_IS_INITIATOR(ctx) && !CTX_IS_ESTABLISHED(ctx)) ||
- ctx->mechanismUsed == GSS_C_NO_OID)
+ ctx->mechanismUsed == GSS_C_NO_OID) {
+ *minor = GSSEAP_CONTEXT_INCOMPLETE;
return GSS_S_NO_CONTEXT;
+ }
key.length = KRB_KEY_LENGTH(&ctx->rfc3961Key);
key.value = KRB_KEY_DATA(&ctx->rfc3961Key);
if (ctx->initiatorName != GSS_C_NO_NAME) {
+ OM_uint32 nameFlags = EXPORT_NAME_FLAG_COMPOSITE;
+
+ if (flags & EXPORT_CTX_FLAG_DISABLE_LOCAL_ATTRS)
+ nameFlags |= EXPORT_NAME_FLAG_DISABLE_LOCAL_ATTRS;
+
major = gssEapExportNameInternal(minor, ctx->initiatorName,
- &initiatorName,
- EXPORT_NAME_FLAG_COMPOSITE);
+ &initiatorName, nameFlags);
if (GSS_ERROR(major))
goto cleanup;
}
+
if (ctx->acceptorName != GSS_C_NO_NAME) {
major = gssEapExportNameInternal(minor, ctx->acceptorName,
&acceptorName,
* contexts.
*/
if (!CTX_IS_INITIATOR(ctx) && !CTX_IS_ESTABLISHED(ctx)) {
- assert((ctx->flags & CTX_FLAG_KRB_REAUTH_GSS) == 0);
+ assert((ctx->flags & CTX_FLAG_KRB_REAUTH) == 0);
major = gssEapExportPartialContext(minor, ctx, &partialCtx);
if (GSS_ERROR(major))
token->value = GSSEAP_MALLOC(length);
if (token->value == NULL) {
- *minor = ENOMEM;
major = GSS_S_FAILURE;
+ *minor = ENOMEM;
goto cleanup;
}
token->length = length;
p = (unsigned char *)token->value;
store_uint32_be(EAP_EXPORT_CONTEXT_V1, &p[0]); /* version */
- store_uint32_be(ctx->state, &p[4]);
+ store_uint32_be(GSSEAP_SM_STATE(ctx), &p[4]);
store_uint32_be(ctx->flags, &p[8]);
store_uint32_be(ctx->gssFlags, &p[12]);
p = store_oid(ctx->mechanismUsed, &p[16]);
if (ctx == GSS_C_NO_CONTEXT) {
*minor = EINVAL;
- return GSS_S_NO_CONTEXT;
+ return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT;
}
*minor = 0;
GSSEAP_MUTEX_LOCK(&ctx->mutex);
- major = gssEapExportSecContext(minor, ctx, interprocess_token);
+ major = gssEapExportSecContext(minor, ctx, interprocess_token, 0);
if (GSS_ERROR(major)) {
GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
return major;