X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=util_context.c;h=0020ef6643c62acdb9954ec97f6640734d775445;hb=7db57acddeddad5f96d16288b3776baf6c10c0b1;hp=99c9405b584723f6eaaeffc29981446b38a7dabb;hpb=cff9dae64ddb2ead188889c9164961bd364e8cd2;p=mech_eap.orig
diff --git a/util_context.c b/util_context.c
index 99c9405..0020ef6 100644
--- a/util_context.c
+++ b/util_context.c
@@ -30,6 +30,10 @@
 * SUCH DAMAGE.
 */
+/*
+ * Utility routines for context handles.
+ */
+
 #include "gssapiP_eap.h"
 OM_uint32
@@ -53,7 +57,7 @@ gssEapAllocContext(OM_uint32 *minor,
 return GSS_S_FAILURE;
 }
- ctx->state = EAP_STATE_AUTHENTICATE;
+ ctx->state = GSSEAP_STATE_IDENTITY;
 /*
 * Integrity, confidentiality, sequencing and replay detection are
@@ -82,10 +86,17 @@ releaseInitiatorContext(struct gss_eap_initiator_ctx *ctx)
 static void
 releaseAcceptorContext(struct gss_eap_acceptor_ctx *ctx)
 {
- if (ctx->avps != NULL)
- rc_avpair_free(ctx->avps);
- if (ctx->radHandle != NULL)
- rc_config_free(ctx->radHandle);
+ OM_uint32 tmpMinor;
+
+ if (ctx->radConn != NULL)
+ rs_conn_destroy(ctx->radConn);
+ if (ctx->radContext != NULL)
+ rs_context_destroy(ctx->radContext);
+ if (ctx->radServer != NULL)
+ GSSEAP_FREE(ctx->radServer);
+ gss_release_buffer(&tmpMinor, &ctx->state);
+ if (ctx->vps != NULL)
+ gssEapRadiusFreeAvps(&tmpMinor, &ctx->vps);
 }
 OM_uint32
@@ -102,6 +113,11 @@ gssEapReleaseContext(OM_uint32 *minor,
 gssEapKerberosInit(&tmpMinor, &krbContext);
+#ifdef GSSEAP_ENABLE_REAUTH
+ if (ctx->flags & CTX_FLAG_KRB_REAUTH) {
+ gssDeleteSecContext(&tmpMinor, &ctx->kerberosCtx, GSS_C_NO_BUFFER);
+ } else
+#endif
 if (CTX_IS_INITIATOR(ctx)) {
 releaseInitiatorContext(&ctx->initiatorCtx);
 } else {
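Review bot: In releaseAcceptorContext the new handles `radConn`, `radContext` and `radServer` are destroyed or freed but the fields keep their old pointer values, whereas `state` and `vps` are released through their address. If the acceptor context is released twice, or read after a partial teardown, those three fields dangle. Whether gssEapReleaseContext clears the whole structure afterwards is not visible in this diff, so I would reset each one where it is freed, e.g. `ctx->radConn = NULL;` directly after `rs_conn_destroy(ctx->radConn);`, and likewise for the other two.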
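Review bot: With GSSEAP_ENABLE_REAUTH defined and CTX_FLAG_KRB_REAUTH set, gssEapReleaseContext now skips both releaseInitiatorContext and releaseAcceptorContext. That is only leak-free if a context carrying that flag never holds initiator or acceptor state, or if `kerberosCtx` shares storage with them; the context structure is not shown here. If that is the invariant, I would state it above the `#ifdef`, for example `/* A reauth context only owns kerberosCtx; initiatorCtx/acceptorCtx are never populated. */`. The `} else` that ends right before `#endif` binds silently to the following `if (CTX_IS_INITIATOR(ctx))`, which also deserves a short comment. The function starts and ends outside this hunk.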
@@ -111,8 +127,9 @@ gssEapReleaseContext(OM_uint32 *minor,
 krb5_free_keyblock_contents(krbContext, &ctx->rfc3961Key);
 gssEapReleaseName(&tmpMinor, &ctx->initiatorName);
 gssEapReleaseName(&tmpMinor, &ctx->acceptorName);
- gss_release_oid(&tmpMinor, &ctx->mechanismUsed);
+ gssEapReleaseOid(&tmpMinor, &ctx->mechanismUsed);
 sequenceFree(&tmpMinor, &ctx->seqState);
+ gssEapReleaseCred(&tmpMinor, &ctx->defaultCred);
 GSSEAP_MUTEX_DESTROY(&ctx->mutex);
@@ -152,7 +169,7 @@ OM_uint32
 gssEapVerifyToken(OM_uint32 *minor,
 gss_ctx_id_t ctx,
 const gss_buffer_t inputToken,
- enum gss_eap_token_type tokenType,
+ enum gss_eap_token_type *actualToken,
 gss_buffer_t innerInputToken)
 {
 OM_uint32 major;
@@ -170,13 +187,15 @@ gssEapVerifyToken(OM_uint32 *minor,
 }
 major = verifyTokenHeader(minor, oid, &bodySize, &p,
- inputToken->length, tokenType);
+ inputToken->length, actualToken);
 if (GSS_ERROR(major))
- return GSS_S_DEFECTIVE_TOKEN;
+ return major;
 if (ctx->mechanismUsed == GSS_C_NO_OID) {
- if (!gssEapIsConcreteMechanismOid(oid))
+ if (!gssEapIsConcreteMechanismOid(oid)) {
+ *minor = GSSEAP_WRONG_MECH;
 return GSS_S_BAD_MECH;
+ }
 if (!gssEapInternalizeOid(oid, &ctx->mechanismUsed)) {
 major = duplicateOid(minor, oid, &ctx->mechanismUsed);
@@ -191,3 +210,25 @@ gssEapVerifyToken(OM_uint32 *minor,
 *minor = 0;
 return GSS_S_COMPLETE;
 }
+
+OM_uint32
+gssEapContextTime(OM_uint32 *minor,
+ gss_ctx_id_t context_handle,
+ OM_uint32 *time_rec)
+{
+ if (context_handle->expiryTime == 0) {
+ *time_rec = GSS_C_INDEFINITE;
+ } else {
+ time_t now, lifetime;
+
+ time(&now);
+ lifetime = context_handle->expiryTime - now;
+ if (lifetime <= 0) {
+ *time_rec = 0;
+ return GSS_S_CONTEXT_EXPIRED;
+ }
+ *time_rec = lifetime;
+ }
+
+ return GSS_S_COMPLETE;
+}
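Review bot: gssEapVerifyToken no longer passes an expected token type to verifyTokenHeader; the signature hunk at -152 and the call in the hunk at -170 hand over the out-parameter `actualToken` instead. Unless verifyTokenHeader still restricts the type (its body is not in this diff), each caller now has to compare `*actualToken` with the types allowed in the current context state, otherwise a well-formed token of the wrong type is accepted at this layer. I would put that contract on the function, e.g. `/* On success *actualToken is the type read from the token header; the caller must reject types not valid for ctx->state. */`. The function body starts and ends outside both hunks.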
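Review bot: gssEapContextTime never writes `*minor`, so a caller that inspects the minor status after either return reads a stale or uninitialized value; gssEapVerifyToken just above sets `*minor = 0` before returning GSS_S_COMPLETE. I would start the body with `*minor = 0;`. The assignment `*time_rec = lifetime;` also narrows a time_t to OM_uint32 without a bound, so with a 64-bit time_t a far-future `expiryTime` can wrap to a short lifetime or land on GSS_C_INDEFINITE. Clamping first, e.g. `if (lifetime >= GSS_C_INDEFINITE) lifetime = GSS_C_INDEFINITE - 1;`, keeps the reported lifetime meaningful.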