* SUCH DAMAGE.
*/
+/*
+ * Utility routines for context handles.
+ */
+
#include "gssapiP_eap.h"
OM_uint32
return GSS_S_FAILURE;
}
- ctx->state = EAP_STATE_AUTHENTICATE;
+ ctx->state = EAP_STATE_IDENTITY;
/*
* Integrity, confidentiality, sequencing and replay detection are
}
static void
-releaseInitiatorContext(struct eap_gss_initiator_ctx *ctx)
+releaseInitiatorContext(struct gss_eap_initiator_ctx *ctx)
{
+ OM_uint32 minor;
+
+ gssEapReleaseCred(&minor, &ctx->defaultCred);
eap_peer_sm_deinit(ctx->eap);
}
static void
-releaseAcceptorContext(struct eap_gss_acceptor_ctx *ctx)
+releaseAcceptorContext(struct gss_eap_acceptor_ctx *ctx)
{
- eap_server_sm_deinit(ctx->eap);
- tls_deinit(ctx->tlsContext);
+ OM_uint32 tmpMinor;
+
+ if (ctx->radConn != NULL)
+ rs_conn_destroy(ctx->radConn);
+ if (ctx->radContext != NULL)
+ rs_context_destroy(ctx->radContext);
+ if (ctx->radServer != NULL)
+ GSSEAP_FREE(ctx->radServer);
+ gss_release_buffer(&tmpMinor, &ctx->state);
+ if (ctx->vps != NULL)
+ gssEapRadiusFreeAvps(&tmpMinor, &ctx->vps);
}
OM_uint32
gssEapKerberosInit(&tmpMinor, &krbContext);
+#ifdef GSSEAP_ENABLE_REAUTH
+ if (ctx->flags & CTX_FLAG_KRB_REAUTH_GSS) {
+ gssDeleteSecContext(&tmpMinor, &ctx->kerberosCtx, GSS_C_NO_BUFFER);
+ } else
+#endif
if (CTX_IS_INITIATOR(ctx)) {
releaseInitiatorContext(&ctx->initiatorCtx);
} else {
gssEapVerifyToken(OM_uint32 *minor,
gss_ctx_id_t ctx,
const gss_buffer_t inputToken,
- enum gss_eap_token_type tokenType,
+ enum gss_eap_token_type *actualToken,
gss_buffer_t innerInputToken)
{
OM_uint32 major;
}
major = verifyTokenHeader(minor, oid, &bodySize, &p,
- inputToken->length, tokenType);
+ inputToken->length, actualToken);
if (GSS_ERROR(major))
- return GSS_S_DEFECTIVE_TOKEN;
+ return major;
if (ctx->mechanismUsed == GSS_C_NO_OID) {
- if (!gssEapIsConcreteMechanismOid(oid))
+ if (!gssEapIsConcreteMechanismOid(oid)) {
+ *minor = GSSEAP_WRONG_MECH;
return GSS_S_BAD_MECH;
+ }
if (!gssEapInternalizeOid(oid, &ctx->mechanismUsed)) {
major = duplicateOid(minor, oid, &ctx->mechanismUsed);
*minor = 0;
return GSS_S_COMPLETE;
}
+
+OM_uint32
+gssEapContextTime(OM_uint32 *minor,
+ gss_ctx_id_t context_handle,
+ OM_uint32 *time_rec)
+{
+ if (context_handle->expiryTime == 0) {
+ *time_rec = GSS_C_INDEFINITE;
+ } else {
+ time_t now, lifetime;
+
+ time(&now);
+ lifetime = context_handle->expiryTime - now;
+ if (lifetime <= 0) {
+ *time_rec = 0;
+ return GSS_S_CONTEXT_EXPIRED;
+ }
+ *time_rec = lifetime;
+ }
+
+ return GSS_S_COMPLETE;
+}