note sample radsec.conf
[mech_eap.orig] / wrap_iov.c
index 10a3254..ed9be57 100644 (file)
  * or implied warranty.
  */
 
+/*
+ * Message protection services: wrap with scatter-gather API.
+ */
+
 #include "gssapiP_eap.h"
 
 unsigned char
@@ -69,7 +73,7 @@ rfc4121Flags(gss_ctx_id_t ctx, int receiving)
     if (isAcceptor)
         flags |= TOK_FLAG_SENDER_IS_ACCEPTOR;
 
-    if ((ctx->flags & CTX_FLAG_KRB_REAUTH_GSS) &&
+    if ((ctx->flags & CTX_FLAG_KRB_REAUTH) &&
         (ctx->gssFlags & GSS_C_MUTUAL_FLAG))
         flags |= TOK_FLAG_ACCEPTOR_SUBKEY;
 
@@ -98,8 +102,10 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
     size_t dataLen, assocDataLen;
     krb5_context krbContext;
 
-    if (ctx->encryptionType == ENCTYPE_NULL)
+    if (ctx->encryptionType == ENCTYPE_NULL) {
+        *minor = GSSEAP_KEY_UNAVAILABLE;
         return GSS_S_UNAVAILABLE;
+    }
 
     GSSEAP_KRB_INIT(&krbContext);
 
@@ -119,7 +125,7 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
 
     header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
     if (header == NULL) {
-        *minor = EINVAL;
+        *minor = GSSEAP_MISSING_IOV;
         return GSS_S_FAILURE;
     }
 
@@ -172,7 +178,7 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
         if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) {
             code = gssEapAllocIov(header, (size_t)gssHeaderLen);
         } else if (header->buffer.length < gssHeaderLen)
-            code = KRB5_BAD_MSIZE;
+            code = GSSEAP_WRONG_SIZE;
         if (code != 0)
             goto cleanup;
         outbuf = (unsigned char *)header->buffer.value;
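Review bot: The allocate-or-verify size check edited here at `code = GSSEAP_WRONG_SIZE;` is repeated in the three following hunks (the trailer check and the second header/trailer pair), so four copies of the same logic have to be kept in sync. A small static helper that takes the IOV and the required length and returns either the result of `gssEapAllocIov` or `GSSEAP_WRONG_SIZE` would reduce each site to one line, for example `code = ensureIovLength(header, (size_t)gssHeaderLen);` (the helper name is only a suggestion). That keeps the length check guarding the later writes through `outbuf` in a single place. The first branch here is braced while the `else if` is not; bracing both would match the style this commit uses for the `ENCTYPE_NULL` check. gssEapWrapOrGetMIC starts and ends outside this hunk.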
@@ -182,7 +188,7 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
             if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
                 code = gssEapAllocIov(trailer, (size_t)gssTrailerLen);
             else if (trailer->buffer.length < gssTrailerLen)
-                code = KRB5_BAD_MSIZE;
+                code = GSSEAP_WRONG_SIZE;
             if (code != 0)
                 goto cleanup;
             trailer->buffer.length = (size_t)gssTrailerLen;
@@ -245,7 +251,7 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
         if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
             code = gssEapAllocIov(header, (size_t)gssHeaderLen);
         else if (header->buffer.length < gssHeaderLen)
-            code = KRB5_BAD_MSIZE;
+            code = GSSEAP_WRONG_SIZE;
         if (code != 0)
             goto cleanup;
         outbuf = (unsigned char *)header->buffer.value;
@@ -255,7 +261,7 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
             if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
                 code = gssEapAllocIov(trailer, (size_t)gssTrailerLen);
             else if (trailer->buffer.length < gssTrailerLen)
-                code = KRB5_BAD_MSIZE;
+                code = GSSEAP_WRONG_SIZE;
             if (code != 0)
                 goto cleanup;
             trailer->buffer.length = (size_t)gssTrailerLen;
@@ -307,6 +313,8 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
     }
 
     code = 0;
+    if (conf_state != NULL)
+        *conf_state = conf_req_flag;
 
 cleanup:
     if (code != 0)
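Review bot: `*conf_state = conf_req_flag;` reports what the caller requested, not what was applied, and it runs on every path that reaches `code = 0`. The function name suggests it also builds MIC tokens, and the branches that choose between encrypting and only signing are outside this hunk. It is therefore worth confirming that no successful path with `conf_req_flag` set leaves the payload unencrypted, since callers typically read a non-zero `conf_state` as meaning confidentiality was applied. If such a path exists, set the output in the branch actually taken. In either case, normalising the value with `*conf_state = (conf_req_flag != 0);` avoids passing arbitrary non-zero integers through.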
@@ -330,7 +338,12 @@ gss_wrap_iov(OM_uint32 *minor,
 
     if (ctx == GSS_C_NO_CONTEXT) {
         *minor = EINVAL;
-        return GSS_S_NO_CONTEXT;
+        return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT;
+    }
+
+    if (qop_req != GSS_C_QOP_DEFAULT) {
+        *minor = GSSEAP_UNKNOWN_QOP;
+        return GSS_S_UNAVAILABLE;
     }
 
     *minor = 0;
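Review bot: The `ctx == GSS_C_NO_CONTEXT` branch still stores `EINVAL` in `*minor`, while the QOP check added just below it uses `GSSEAP_UNKNOWN_QOP`, so one output now carries both errno values and mechanism-specific codes. That makes the minor status ambiguous for whatever later maps it to a message. Whether a suitable mechanism code exists is not visible in this diff; if one does, use it here as well, e.g. `*minor = <GSSEAP_* code for a missing context>;` (placeholder). Both early returns also write through `minor` without a NULL check, which is fine only if every caller is guaranteed to pass a valid pointer; a short comment above the function stating that precondition would help. gss_wrap_iov's signature and the rest of its body are outside this hunk.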
@@ -339,6 +352,7 @@ gss_wrap_iov(OM_uint32 *minor,
 
     if (!CTX_IS_ESTABLISHED(ctx)) {
         major = GSS_S_NO_CONTEXT;
+        *minor = GSSEAP_CONTEXT_INCOMPLETE;
         goto cleanup;
     }