don't store count in exported RADIUS attrs

[mech_eap.git] / import_sec_context.c

diff --git a/import_sec_context.c b/import_sec_context.c
index 968de8f..202be3d 100644 (file)
--- a/import_sec_context.c
+++ b/import_sec_context.c
@@ -32,29 +32,69 @@
 
 #include "gssapiP_eap.h"
 
+#define UPDATE_REMAIN(n)    do {            \
+        p += (n);                           \
+        remain -= (n);                      \
+    } while (0)
+
+#define CHECK_REMAIN(n)     do {            \
+        if (remain < (n)) {                 \
+            *minor = ERANGE;                \
+            return GSS_S_DEFECTIVE_TOKEN;   \
+        }                                   \
+    } while (0)
+
 static OM_uint32
 gssEapImportPartialContext(OM_uint32 *minor,
-                          unsigned char **pBuf,
-                          size_t *pRemain,
-                          gss_ctx_id_t ctx)
+                           unsigned char **pBuf,
+                           size_t *pRemain,
+                           gss_ctx_id_t ctx)
 {
+    OM_uint32 major;
     unsigned char *p = *pBuf;
     size_t remain = *pRemain;
     gss_buffer_desc buf;
+    size_t serverLen;
 
-    if (remain < 4) {
-        *minor = ERANGE;
-        return GSS_S_DEFECTIVE_TOKEN;
+    /* Selected RADIUS server */
+    CHECK_REMAIN(4);
+    serverLen = load_uint32_be(p);
+    UPDATE_REMAIN(4);
+
+    if (serverLen != 0) {
+        CHECK_REMAIN(serverLen);
+
+        ctx->acceptorCtx.radServer = GSSEAP_MALLOC(serverLen + 1);
+        if (ctx->acceptorCtx.radServer == NULL) {
+            *minor = ENOMEM;
+            return GSS_S_FAILURE;
+        }
+        memcpy(ctx->acceptorCtx.radServer, p, serverLen);
+        ctx->acceptorCtx.radServer[serverLen] = '\0';
+
+        UPDATE_REMAIN(serverLen);
     }
 
+    /* RADIUS state blob */
+    CHECK_REMAIN(4);
     buf.length = load_uint32_be(p);
+    UPDATE_REMAIN(4);
 
     if (buf.length != 0) {
-        *minor = EINVAL;
-        return GSS_S_DEFECTIVE_TOKEN;
+        CHECK_REMAIN(buf.length);
+
+        buf.value = p;
+
+        major = duplicateBuffer(minor, &buf, &ctx->acceptorCtx.state);
+        if (GSS_ERROR(major))
+            return major;
+
+        UPDATE_REMAIN(buf.length);
     }
 
-    *minor = 0;
+    *pBuf = p;
+    *pRemain = remain;
+
     return GSS_S_COMPLETE;
 }
 
@@ -98,6 +138,8 @@ static OM_uint32
 importKerberosKey(OM_uint32 *minor,
                   unsigned char **pBuf,
                   size_t *pRemain,
+                  krb5_cksumtype *checksumType,
+                  krb5_enctype *pEncryptionType,
                   krb5_keyblock *key)
 {
     unsigned char *p = *pBuf;
@@ -106,25 +148,26 @@ importKerberosKey(OM_uint32 *minor,
     OM_uint32 length;
     gss_buffer_desc tmp;
 
-    if (remain < 8) {
+    if (remain < 12) {
         *minor = ERANGE;
         return GSS_S_DEFECTIVE_TOKEN;
     }
 
-    encryptionType = load_uint32_be(&p[0]);
-    length         = load_uint32_be(&p[4]);
+    *checksumType  = load_uint32_be(&p[0]);
+    encryptionType = load_uint32_be(&p[4]);
+    length         = load_uint32_be(&p[8]);
 
     if ((length != 0) != (encryptionType != ENCTYPE_NULL)) {
         *minor = ERANGE;
         return GSS_S_DEFECTIVE_TOKEN;
     }
 
-    if (remain - 8 < length) {
+    if (remain - 12 < length) {
         *minor = ERANGE;
         return GSS_S_DEFECTIVE_TOKEN;
     }
 
-    if (load_buffer(&p[8], length, &tmp) == NULL) {
+    if (load_buffer(&p[12], length, &tmp) == NULL) {
         *minor = ENOMEM;
         return GSS_S_FAILURE;
     }
@@ -133,8 +176,9 @@ importKerberosKey(OM_uint32 *minor,
     KRB_KEY_LENGTH(key) = tmp.length;
     KRB_KEY_DATA(key)   = (unsigned char *)tmp.value;
 
-    *pBuf    += 8 + length;
-    *pRemain -= 8 + length;
+    *pBuf    += 12 + length;
+    *pRemain -= 12 + length;
+    *pEncryptionType = encryptionType;
 
     *minor = 0;
     return GSS_S_COMPLETE;
@@ -165,7 +209,8 @@ importName(OM_uint32 *minor,
 
         tmp.value = p + 4;
 
-        major = gssEapImportName(minor, &tmp, GSS_C_NT_EXPORT_NAME, pName);
+        major = gssEapImportNameInternal(minor, &tmp, pName,
+                                         EXPORT_NAME_FLAG_COMPOSITE);
         if (GSS_ERROR(major))
             return major;
     }
@@ -201,7 +246,7 @@ gssEapImportContext(OM_uint32 *minor,
     remain -= 16;
 
     /* Validate state */
-    if (ctx->state < EAP_STATE_AUTHENTICATE ||
+    if (ctx->state < EAP_STATE_IDENTITY ||
         ctx->state > EAP_STATE_ESTABLISHED)
         return GSS_S_DEFECTIVE_TOKEN;
 
@@ -213,12 +258,13 @@ gssEapImportContext(OM_uint32 *minor,
     if (GSS_ERROR(major))
         return major;
 
-    major = importKerberosKey(minor, &p, &remain, &ctx->rfc3961Key);
+    major = importKerberosKey(minor, &p, &remain,
+                              &ctx->checksumType,
+                              &ctx->encryptionType,
+                              &ctx->rfc3961Key);
     if (GSS_ERROR(major))
         return major;
 
-    ctx->encryptionType = KRB_KEY_TYPE(&ctx->rfc3961Key);
-
     major = importName(minor, &p, &remain, &ctx->initiatorName);
     if (GSS_ERROR(major))
         return major;
@@ -244,21 +290,25 @@ gssEapImportContext(OM_uint32 *minor,
     p      += 24;
     remain -= 24;
 
-    *minor = sequenceInternalize(&ctx->seqState, &p, &remain);
-    if (*minor != 0)
-        return GSS_S_FAILURE;
+    major = sequenceInternalize(minor, &ctx->seqState, &p, &remain);
+    if (GSS_ERROR(major))
+        return major;
 
     /*
      * The partial context should only be expected for unestablished
      * acceptor contexts.
      */
     if (!CTX_IS_INITIATOR(ctx) && !CTX_IS_ESTABLISHED(ctx)) {
+        assert((ctx->flags & CTX_FLAG_KRB_REAUTH_GSS) == 0);
+
         major = gssEapImportPartialContext(minor, &p, &remain, ctx);
         if (GSS_ERROR(major))
             return major;
     }
 
+#ifdef GSSEAP_DEBUG
     assert(remain == 0);
+#endif
 
     *minor = 0;
     major = GSS_S_COMPLETE;
@@ -274,6 +324,7 @@ gss_import_sec_context(OM_uint32 *minor,
     OM_uint32 major, tmpMinor;
     gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
 
+    *minor = 0;
     *context_handle = GSS_C_NO_CONTEXT;
 
     if (interprocess_token == GSS_C_NO_BUFFER ||