X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=accept_sec_context.c;h=723c93244b449c3a1fc508e458127831377bf8b3;hb=d683d523c7b4b88a15423069520221ac575376e1;hp=129fd6443649700cc057358207b86d654363f59f;hpb=18297a779cead5282473589275a8ce65da061394;p=mech_eap.orig
diff --git a/accept_sec_context.c b/accept_sec_context.c
index 129fd64..723c932 100644
--- a/accept_sec_context.c
+++ b/accept_sec_context.c
@@ -42,10 +42,10 @@ static OM_uint32
 eapGssSmAcceptGssReauth(OM_uint32 *minor,
 gss_cred_id_t cred,
 gss_ctx_id_t ctx,
- gss_name_t target __attribute__((__unused__)),
- gss_OID mech __attribute__((__unused__)),
- OM_uint32 reqFlags __attribute__((__unused__)),
- OM_uint32 timeReq __attribute__((__unused__)),
+ gss_name_t target,
+ gss_OID mech,
+ OM_uint32 reqFlags,
+ OM_uint32 timeReq,
 gss_channel_bindings_t chanBindings,
 gss_buffer_t inputToken,
 gss_buffer_t outputToken,
@@ -124,6 +124,34 @@ acceptReadyEap(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred)
 return GSS_S_COMPLETE;
 }
+static OM_uint32
+eapGssSmAcceptAcceptorName(OM_uint32 *minor,
+ gss_cred_id_t cred,
+ gss_ctx_id_t ctx,
+ gss_name_t target,
+ gss_OID mech,
+ OM_uint32 reqFlags,
+ OM_uint32 timeReq,
+ gss_channel_bindings_t chanBindings,
+ gss_buffer_t inputToken,
+ gss_buffer_t outputToken,
+ OM_uint32 *smFlags)
+{
+ OM_uint32 major;
+
+ /* XXX TODO import and validate name from inputToken */
+
+ if (ctx->acceptorName != GSS_C_NO_NAME) {
+ /* Send desired target name to acceptor */
+ major = gssEapDisplayName(minor, ctx->acceptorName,
+ outputToken, NULL);
+ if (GSS_ERROR(major))
+ return major;
+ }
+
+ return GSS_S_CONTINUE_NEEDED;
+}
+
 #ifdef GSSEAP_DEBUG
 static OM_uint32
 eapGssSmAcceptVendorInfo(OM_uint32 *minor,
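Review bot: Dropping `__attribute__((__unused__))` from `target`, `mech`, `reqFlags` and `timeReq` in this eapGssSmAcceptGssReauth declaration (and likewise in the hunks at -154, -446, -580, -623 and -896) removes the only marker of which state-machine arguments a handler ignores. Builds with `-Wunused-parameter` will start warning if the bodies still do not read these parameters; the bodies are outside the hunks, so that is not confirmed here. If the aim is less clutter, a short project macro keeps the annotation, e.g. `#define GSSEAP_UNUSED __attribute__((__unused__))`, applied to the parameters each handler leaves untouched.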
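Review bot: eapGssSmAcceptAcceptorName never reads `inputToken`: as its `XXX TODO` admits, the name the initiator asked for is neither imported nor compared with `ctx->acceptorName`, so the acceptor replies with its own name whatever was requested and a mismatch is only noticed if the initiator checks the response. That comparison should be in place before this token type is relied on for target-name checking. The inline comment `/* Send desired target name to acceptor */` reads backwards for acceptor-side code; `/* Send our acceptor name back to the initiator */` appears to match what the `gssEapDisplayName` call into `outputToken` does. When `ctx->acceptorName` is `GSS_C_NO_NAME` the function returns `GSS_S_CONTINUE_NEEDED` without writing `*minor`, so `*minor = 0;` before the final return would avoid handing back an unset minor status unless the caller, not visible here, pre-initialises it.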
@@ -138,7 +166,7 @@ eapGssSmAcceptVendorInfo(OM_uint32 *minor,
 gss_buffer_t outputToken,
 OM_uint32 *smFlags)
 {
- fprintf(stderr, "GSS-EAP: vendor %.*s\n",
+ fprintf(stderr, "GSS-EAP: vendor: %.*s\n",
 (int)inputToken->length, (char *)inputToken->value);
 return GSS_S_CONTINUE_NEEDED;
@@ -154,11 +182,11 @@ static OM_uint32
 eapGssSmAcceptIdentity(OM_uint32 *minor,
 gss_cred_id_t cred,
 gss_ctx_id_t ctx,
- gss_name_t target __attribute__((__unused__)),
- gss_OID mech __attribute__((__unused__)),
- OM_uint32 reqFlags __attribute__((__unused__)),
- OM_uint32 timeReq __attribute__((__unused__)),
- gss_channel_bindings_t chanBindings __attribute__((__unused__)),
+ gss_name_t target,
+ gss_OID mech,
+ OM_uint32 reqFlags,
+ OM_uint32 timeReq,
+ gss_channel_bindings_t chanBindings,
 gss_buffer_t inputToken,
 gss_buffer_t outputToken,
 OM_uint32 *smFlags)
@@ -177,14 +205,6 @@ eapGssSmAcceptIdentity(OM_uint32 *minor,
 return GSS_S_DEFECTIVE_TOKEN;
 }
- assert(ctx->acceptorName == GSS_C_NO_NAME);
-
- if (cred->name != GSS_C_NO_NAME) {
- major = gssEapDuplicateName(minor, cred->name, &ctx->acceptorName);
- if (GSS_ERROR(major))
- return major;
- }
-
 reqData = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_IDENTITY, 0, EAP_CODE_REQUEST, 0);
 if (reqData == NULL) {
@@ -446,10 +466,10 @@ static OM_uint32
 eapGssSmAcceptAuthenticate(OM_uint32 *minor,
 gss_cred_id_t cred,
 gss_ctx_id_t ctx,
- gss_name_t target __attribute__((__unused__)),
- gss_OID mech __attribute__((__unused__)),
- OM_uint32 reqFlags __attribute__((__unused__)),
- OM_uint32 timeReq __attribute__((__unused__)),
+ gss_name_t target,
+ gss_OID mech,
+ OM_uint32 reqFlags,
+ OM_uint32 timeReq,
 gss_channel_bindings_t chanBindings,
 gss_buffer_t inputToken,
 gss_buffer_t outputToken,
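Review bot: In the `fprintf` touched by the eapGssSmAcceptVendorInfo hunk, `(int)inputToken->length` goes negative for a length above INT_MAX, and a negative precision is treated as if it were omitted, so `%.*s` would then read until a NUL byte instead of stopping at the end of the token. The token bytes appear to come from the peer and are written to stderr unescaped, so control characters reach whatever terminal or log collects the debug output. The code is under GSSEAP_DEBUG, so only debug builds are affected; clamping the precision, e.g. `(int)(inputToken->length > INT_MAX ? INT_MAX : inputToken->length)` with `<limits.h>`, and escaping non-printable bytes before printing would close both gaps. The function body starts above this hunk.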
@@ -580,10 +600,10 @@ static OM_uint32
 eapGssSmAcceptGssChannelBindings(OM_uint32 *minor,
 gss_cred_id_t cred,
 gss_ctx_id_t ctx,
- gss_name_t target __attribute__((__unused__)),
- gss_OID mech __attribute__((__unused__)),
- OM_uint32 reqFlags __attribute__((__unused__)),
- OM_uint32 timeReq __attribute__((__unused__)),
+ gss_name_t target,
+ gss_OID mech,
+ OM_uint32 reqFlags,
+ OM_uint32 timeReq,
 gss_channel_bindings_t chanBindings,
 gss_buffer_t inputToken,
 gss_buffer_t outputToken,
@@ -623,11 +643,11 @@ static OM_uint32
 eapGssSmAcceptReauthCreds(OM_uint32 *minor,
 gss_cred_id_t cred,
 gss_ctx_id_t ctx,
- gss_name_t target __attribute__((__unused__)),
- gss_OID mech __attribute__((__unused__)),
- OM_uint32 reqFlags __attribute__((__unused__)),
- OM_uint32 timeReq __attribute__((__unused__)),
- gss_channel_bindings_t chanBindings __attribute__((__unused__)),
+ gss_name_t target,
+ gss_OID mech,
+ OM_uint32 reqFlags,
+ OM_uint32 timeReq,
+ gss_channel_bindings_t chanBindings,
 gss_buffer_t inputToken,
 gss_buffer_t outputToken,
 OM_uint32 *smFlags)
@@ -690,6 +710,13 @@ eapGssSmAcceptCompleteAcceptorExts(OM_uint32 *minor,
 }
 static struct gss_eap_sm eapGssAcceptorSm[] = {
+ {
+ ITOK_TYPE_ACCEPTOR_NAME_REQ,
+ ITOK_TYPE_ACCEPTOR_NAME_RESP,
+ GSSEAP_STATE_INITIAL,
+ 0,
+ eapGssSmAcceptAcceptorName
+ },
 #ifdef GSSEAP_DEBUG
 {
 ITOK_TYPE_VENDOR_INFO,
@@ -813,6 +840,12 @@ gss_accept_sec_context(OM_uint32 *minor,
 GSSEAP_MUTEX_LOCK(&cred->mutex);
+ if (cred->name != GSS_C_NO_NAME) {
+ major = gssEapDuplicateName(minor, cred->name, &ctx->acceptorName);
+ if (GSS_ERROR(major))
+ goto cleanup;
+ }
+
 major = gssEapSmStep(minor,
 cred,
 ctx,
@@ -850,7 +883,7 @@ gss_accept_sec_context(OM_uint32 *minor,
 }
 }
- assert(ctx->state == GSSEAP_STATE_ESTABLISHED || major == GSS_S_CONTINUE_NEEDED);
+ assert(CTX_IS_ESTABLISHED(ctx) || major == GSS_S_CONTINUE_NEEDED);
 cleanup:
 if (cred != GSS_C_NO_CREDENTIAL)
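Review bot: The `gssEapDuplicateName` call added to gss_accept_sec_context (hunk at -813) runs on every invocation, that is once per input token, whereas the code it replaces in eapGssSmAcceptIdentity ran in a single state and was guarded by `assert(ctx->acceptorName == GSS_C_NO_NAME)`. From the second round on `ctx->acceptorName` already holds a name, so unless gssEapDuplicateName releases its destination (not visible here) the earlier copy is leaked each round and memory use grows with the number of rounds, which the remote peer influences. Guarding the copy restores the single-assignment behaviour: `if (cred->name != GSS_C_NO_NAME && ctx->acceptorName == GSS_C_NO_NAME) {`. The function body starts and ends outside this hunk, so the `cleanup:` path is only partly visible.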
@@ -878,12 +911,6 @@ acceptReadyKrb(OM_uint32 *minor,
 if (GSS_ERROR(major))
 return major;
- if (cred->name != GSS_C_NO_NAME) {
- major = gssEapDuplicateName(minor, cred->name, &ctx->acceptorName);
- if (GSS_ERROR(major))
- return major;
- }
-
 major = gssEapReauthComplete(minor, ctx, cred, mech, timeRec);
 if (GSS_ERROR(major))
 return major;
@@ -896,10 +923,10 @@ static OM_uint32
 eapGssSmAcceptGssReauth(OM_uint32 *minor,
 gss_cred_id_t cred,
 gss_ctx_id_t ctx,
- gss_name_t target __attribute__((__unused__)),
+ gss_name_t target,
 gss_OID mech,
- OM_uint32 reqFlags __attribute__((__unused__)),
- OM_uint32 timeReq __attribute__((__unused__)),
+ OM_uint32 reqFlags,
+ OM_uint32 timeReq,
 gss_channel_bindings_t chanBindings,
 gss_buffer_t inputToken,
 gss_buffer_t outputToken,