static OM_uint32
gssEapImportPartialContext(OM_uint32 *minor,
- unsigned char **pBuf,
- size_t *pRemain,
- gss_ctx_id_t ctx)
+ unsigned char **pBuf,
+ size_t *pRemain,
+ gss_ctx_id_t ctx)
{
unsigned char *p = *pBuf;
size_t remain = *pRemain;
importKerberosKey(OM_uint32 *minor,
unsigned char **pBuf,
size_t *pRemain,
+ krb5_cksumtype *checksumType,
+ krb5_enctype *pEncryptionType,
krb5_keyblock *key)
{
unsigned char *p = *pBuf;
OM_uint32 length;
gss_buffer_desc tmp;
- if (remain < 8) {
+ if (remain < 12) {
*minor = ERANGE;
return GSS_S_DEFECTIVE_TOKEN;
}
- encryptionType = load_uint32_be(&p[0]);
- length = load_uint32_be(&p[4]);
+ *checksumType = load_uint32_be(&p[0]);
+ encryptionType = load_uint32_be(&p[4]);
+ length = load_uint32_be(&p[8]);
if ((length != 0) != (encryptionType != ENCTYPE_NULL)) {
*minor = ERANGE;
return GSS_S_DEFECTIVE_TOKEN;
}
- if (remain - 8 < length) {
+ if (remain - 12 < length) {
*minor = ERANGE;
return GSS_S_DEFECTIVE_TOKEN;
}
- if (load_buffer(&p[8], length, &tmp) == NULL) {
+ if (load_buffer(&p[12], length, &tmp) == NULL) {
*minor = ENOMEM;
return GSS_S_FAILURE;
}
KRB_KEY_LENGTH(key) = tmp.length;
KRB_KEY_DATA(key) = (unsigned char *)tmp.value;
- *pBuf += 8 + length;
- *pRemain -= 8 + length;
+ *pBuf += 12 + length;
+ *pRemain -= 12 + length;
+ *pEncryptionType = encryptionType;
*minor = 0;
return GSS_S_COMPLETE;
tmp.value = p + 4;
- major = gssEapImportName(minor, &tmp, GSS_C_NT_EXPORT_NAME, pName);
+ major = gssEapImportNameInternal(minor, &tmp, pName,
+ EXPORT_NAME_FLAG_COMPOSITE);
if (GSS_ERROR(major))
return major;
}
remain -= 16;
/* Validate state */
- if (ctx->state < EAP_STATE_AUTHENTICATE ||
+ if (ctx->state < EAP_STATE_IDENTITY ||
ctx->state > EAP_STATE_ESTABLISHED)
return GSS_S_DEFECTIVE_TOKEN;
if (GSS_ERROR(major))
return major;
- major = importKerberosKey(minor, &p, &remain, &ctx->rfc3961Key);
+ major = importKerberosKey(minor, &p, &remain,
+ &ctx->checksumType,
+ &ctx->encryptionType,
+ &ctx->rfc3961Key);
if (GSS_ERROR(major))
return major;
- ctx->encryptionType = KRB_KEY_TYPE(&ctx->rfc3961Key);
-
major = importName(minor, &p, &remain, &ctx->initiatorName);
if (GSS_ERROR(major))
return major;
p += 24;
remain -= 24;
- *minor = sequenceInternalize(&ctx->seqState, &p, &remain);
- if (*minor != 0)
- return GSS_S_FAILURE;
+ major = sequenceInternalize(minor, &ctx->seqState, &p, &remain);
+ if (GSS_ERROR(major))
+ return major;
/*
* The partial context should only be expected for unestablished
return major;
}
+#ifdef GSSEAP_DEBUG
assert(remain == 0);
+#endif
*minor = 0;
major = GSS_S_COMPLETE;