static OM_uint32
gssEapImportPartialContext(OM_uint32 *minor,
- unsigned char **pBuf,
- size_t *pRemain,
- gss_ctx_id_t ctx)
+ unsigned char **pBuf,
+ size_t *pRemain,
+ gss_ctx_id_t ctx)
{
+ OM_uint32 major;
unsigned char *p = *pBuf;
size_t remain = *pRemain;
gss_buffer_desc buf;
*minor = ERANGE;
return GSS_S_DEFECTIVE_TOKEN;
}
-
buf.length = load_uint32_be(p);
- if (buf.length != 0) {
- *minor = EINVAL;
+ if (remain < buf.length) {
+ *minor = ERANGE;
return GSS_S_DEFECTIVE_TOKEN;
+
}
+ buf.value = &p[4];
+
+ major = duplicateBuffer(minor, &buf, &ctx->acceptorCtx.state);
+ if (GSS_ERROR(major))
+ return major;
+
+ *pBuf += 4 + buf.length;
+ *pRemain -= 4 + buf.length;
- *minor = 0;
return GSS_S_COMPLETE;
}
importKerberosKey(OM_uint32 *minor,
unsigned char **pBuf,
size_t *pRemain,
+ krb5_cksumtype *checksumType,
+ krb5_enctype *pEncryptionType,
krb5_keyblock *key)
{
unsigned char *p = *pBuf;
OM_uint32 length;
gss_buffer_desc tmp;
- if (remain < 8) {
+ if (remain < 12) {
*minor = ERANGE;
return GSS_S_DEFECTIVE_TOKEN;
}
- encryptionType = load_uint32_be(&p[0]);
- length = load_uint32_be(&p[4]);
+ *checksumType = load_uint32_be(&p[0]);
+ encryptionType = load_uint32_be(&p[4]);
+ length = load_uint32_be(&p[8]);
if ((length != 0) != (encryptionType != ENCTYPE_NULL)) {
*minor = ERANGE;
return GSS_S_DEFECTIVE_TOKEN;
}
- if (remain - 8 < length) {
+ if (remain - 12 < length) {
*minor = ERANGE;
return GSS_S_DEFECTIVE_TOKEN;
}
- if (load_buffer(&p[8], length, &tmp) == NULL) {
+ if (load_buffer(&p[12], length, &tmp) == NULL) {
*minor = ENOMEM;
return GSS_S_FAILURE;
}
KRB_KEY_LENGTH(key) = tmp.length;
KRB_KEY_DATA(key) = (unsigned char *)tmp.value;
- *pBuf += 8 + length;
- *pRemain -= 8 + length;
+ *pBuf += 12 + length;
+ *pRemain -= 12 + length;
+ *pEncryptionType = encryptionType;
*minor = 0;
return GSS_S_COMPLETE;
tmp.value = p + 4;
- major = gssEapImportName(minor, &tmp, GSS_C_NT_EXPORT_NAME, pName);
+ major = gssEapImportNameInternal(minor, &tmp, pName,
+ EXPORT_NAME_FLAG_COMPOSITE);
if (GSS_ERROR(major))
return major;
}
remain -= 16;
/* Validate state */
- if (ctx->state < EAP_STATE_AUTHENTICATE ||
+ if (ctx->state < EAP_STATE_IDENTITY ||
ctx->state > EAP_STATE_ESTABLISHED)
return GSS_S_DEFECTIVE_TOKEN;
if (GSS_ERROR(major))
return major;
- major = importKerberosKey(minor, &p, &remain, &ctx->rfc3961Key);
+ major = importKerberosKey(minor, &p, &remain,
+ &ctx->checksumType,
+ &ctx->encryptionType,
+ &ctx->rfc3961Key);
if (GSS_ERROR(major))
return major;
- ctx->encryptionType = KRB_KEY_TYPE(&ctx->rfc3961Key);
-
major = importName(minor, &p, &remain, &ctx->initiatorName);
if (GSS_ERROR(major))
return major;
p += 24;
remain -= 24;
- *minor = sequenceInternalize(&ctx->seqState, &p, &remain);
- if (*minor != 0)
- return GSS_S_FAILURE;
+ major = sequenceInternalize(minor, &ctx->seqState, &p, &remain);
+ if (GSS_ERROR(major))
+ return major;
/*
* The partial context should only be expected for unestablished
return major;
}
+#ifdef GSSEAP_DEBUG
assert(remain == 0);
+#endif
*minor = 0;
major = GSS_S_COMPLETE;