#define SM_FLAG_TRANSITED 0x80000000
#define SM_ASSERT_VALID(ctx, status) do { \
- assert(GSS_ERROR((status)) || \
+ GSSEAP_ASSERT(GSS_ERROR((status)) || \
((status) == GSS_S_CONTINUE_NEEDED && ((ctx)->state > GSSEAP_STATE_INITIAL && (ctx)->state < GSSEAP_STATE_ESTABLISHED)) || \
((status) == GSS_S_COMPLETE && (ctx)->state == GSSEAP_STATE_ESTABLISHED)); \
} while (0)
void
gssEapSmTransition(gss_ctx_id_t ctx, enum gss_eap_state state)
{
- assert(state >= GSSEAP_STATE_INITIAL);
- assert(state <= GSSEAP_STATE_ESTABLISHED);
+ GSSEAP_ASSERT(state >= GSSEAP_STATE_INITIAL);
+ GSSEAP_ASSERT(state <= GSSEAP_STATE_ESTABLISHED);
fprintf(stderr, "GSS-EAP: state transition %s->%s\n",
gssEapStateToString(GSSEAP_SM_STATE(ctx)),
unsigned char errorData[8];
gss_buffer_desc errorBuffer;
- assert(GSS_ERROR(majorStatus));
+ GSSEAP_ASSERT(GSS_ERROR(majorStatus));
/*
* Only return error codes that the initiator could have caused,
minorStatus = GSSEAP_RADIUS_PROT_FAILURE;
} else if (!IS_WIRE_ERROR(minorStatus)) {
/* Don't return non-wire error codes */
- return GSS_S_COMPLETE;
+ minorStatus = 0;
}
- minorStatus -= ERROR_TABLE_BASE_eapg;
+ if (minorStatus != 0)
+ minorStatus -= ERROR_TABLE_BASE_eapg;
store_uint32_be(majorStatus, &errorData[0]);
store_uint32_be(minorStatus, &errorData[4]);
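Review bot: The comment `/* Don't return non-wire error codes */` no longer describes this branch, because the early `return GSS_S_COMPLETE` is gone and an error token is now always built with only the minor code cleared. I would reword it to `/* Don't leak local (non-wire) minor codes to the peer; send the major status with minor 0 */` so the disclosure intent is explicit. With the new `if (minorStatus != 0)` guard, a wire code equal to `ERROR_TABLE_BASE_eapg` would also encode as 0, which the receiver cannot tell apart from a suppressed code. Whether such a value can pass `IS_WIRE_ERROR` is not visible here and is worth confirming. The function starts and ends outside this hunk.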
return major;
}
+ token->buffers.count = 1;
token->types[0] = ITOK_TYPE_CONTEXT_ERR | ITOK_FLAG_CRITICAL;
*minor = 0;
gssEapSmStep(OM_uint32 *minor,
gss_cred_id_t cred,
gss_ctx_id_t ctx,
- gss_name_t target,
+ gss_const_name_t target,
gss_OID mech,
OM_uint32 reqFlags,
OM_uint32 timeReq,
int initialContextToken = 0;
enum gss_eap_token_type tokType;
- assert(smCount > 0);
+ GSSEAP_ASSERT(smCount > 0);
*minor = 0;
goto cleanup;
}
- assert(ctx->state < GSSEAP_STATE_ESTABLISHED);
+ GSSEAP_ASSERT(ctx->state < GSSEAP_STATE_ESTABLISHED);
major = gssEapDecodeInnerTokens(minor, &unwrappedInputToken, &inputTokens);
if (GSS_ERROR(major))
if (innerOutputToken.value != NULL) {
outputTokens.buffers.elements[outputTokens.buffers.count] = innerOutputToken;
- assert(smp->outputTokenType != ITOK_TYPE_NONE);
+ GSSEAP_ASSERT(smp->outputTokenType != ITOK_TYPE_NONE);
outputTokens.types[outputTokens.buffers.count] = smp->outputTokenType;
if (smFlags & SM_FLAG_OUTPUT_TOKEN_CRITICAL)
outputTokens.types[outputTokens.buffers.count] |= ITOK_FLAG_CRITICAL;
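Review bot: The stores to `outputTokens.buffers.elements[outputTokens.buffers.count]` and `outputTokens.types[outputTokens.buffers.count]` happen before any bound on `count` is checked. The only visible check is `GSSEAP_ASSERT(outputTokens.buffers.count <= smCount)` after the loop in the following hunk, which runs after the writes. The definition of GSSEAP_ASSERT is not on this page, so it is unclear whether that check survives in release builds. If the arrays are sized from `smCount` (the allocation is not shown), a guard before the store along the lines of `if (outputTokens.buffers.count >= smCount) { major = GSS_S_FAILURE; goto cleanup; }` would make the bound independent of assertion settings. The enclosing loop begins and ends outside this hunk.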
}
}
- assert(outputTokens.buffers.count <= smCount);
+ GSSEAP_ASSERT(outputTokens.buffers.count <= smCount);
/* Check we understood all critical tokens sent by peer */
if (!GSS_ERROR(major)) {
}
/* If the context is established, empty tokens only to be emitted by initiator */
- assert(!CTX_IS_ESTABLISHED(ctx) || ((outputToken->length == 0) == CTX_IS_INITIATOR(ctx)));
+ GSSEAP_ASSERT(!CTX_IS_ESTABLISHED(ctx) || ((outputToken->length == 0) == CTX_IS_INITIATOR(ctx)));
SM_ASSERT_VALID(ctx, major);