X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=util_context.c;h=03bad1c44bd393d2173eed37bab63cc46ef2a7bf;hb=ae79fdae047f980d01b2b4e84ccea52e24d8c7a0;hp=ea5d80d872ff8d264c339385e65b198456082cd1;hpb=9d35654ac8815ed59bb0df16740aec337a620e65;p=mech_eap.orig
diff --git a/util_context.c b/util_context.c
index ea5d80d..03bad1c 100644
--- a/util_context.c
+++ b/util_context.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, JANET(UK)
+ * Copyright (c) 2011, JANET(UK)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -30,6 +30,10 @@
 * SUCH DAMAGE.
 */
+/*
+ * Utility routines for context handles.
+ */
+
 #include "gssapiP_eap.h"
 OM_uint32
@@ -53,7 +57,7 @@ gssEapAllocContext(OM_uint32 *minor,
 return GSS_S_FAILURE;
 }
- ctx->state = EAP_STATE_AUTHENTICATE;
+ ctx->state = GSSEAP_STATE_INITIAL;
 /*
 * Integrity, confidentiality, sequencing and replay detection are
@@ -74,19 +78,25 @@ gssEapAllocContext(OM_uint32 *minor,
 }
 static void
-releaseInitiatorContext(struct eap_gss_initiator_ctx *ctx)
+releaseInitiatorContext(struct gss_eap_initiator_ctx *ctx)
 {
 eap_peer_sm_deinit(ctx->eap);
 }
 static void
-releaseAcceptorContext(struct eap_gss_acceptor_ctx *ctx)
+releaseAcceptorContext(struct gss_eap_acceptor_ctx *ctx)
 {
-#ifdef BUILTIN_EAP
- eap_server_sm_deinit(ctx->eap);
- if (ctx->tlsContext != NULL)
- tls_deinit(ctx->tlsContext);
-#endif
+ OM_uint32 tmpMinor;
+
+ if (ctx->radConn != NULL)
+ rs_conn_destroy(ctx->radConn);
+ if (ctx->radContext != NULL)
+ rs_context_destroy(ctx->radContext);
+ if (ctx->radServer != NULL)
+ GSSEAP_FREE(ctx->radServer);
+ gss_release_buffer(&tmpMinor, &ctx->state);
+ if (ctx->vps != NULL)
+ gssEapRadiusFreeAvps(&tmpMinor, &ctx->vps);
 }
 OM_uint32
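Review bot: In the new releaseAcceptorContext(), `ctx->radConn`, `ctx->radContext` and `ctx->radServer` still hold their old values after `rs_conn_destroy()`, `rs_context_destroy()` and `GSSEAP_FREE()`, whereas `ctx->state` and `ctx->vps` are passed by address to helpers that can clear them. If this structure is ever released twice or read after a partial teardown (the caller, gssEapReleaseContext, is outside this hunk, so I can't tell), that becomes a double free or use-after-free. I would reset each field right after releasing it, e.g. `ctx->radConn = NULL;` following `rs_conn_destroy(ctx->radConn);`, and the same for the other two. A short comment that the connection is torn down before the context it presumably belongs to would also keep the ordering from being changed by accident.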
@@ -103,6 +113,11 @@ gssEapReleaseContext(OM_uint32 *minor,
 gssEapKerberosInit(&tmpMinor, &krbContext);
+#ifdef GSSEAP_ENABLE_REAUTH
+ if (ctx->flags & CTX_FLAG_KRB_REAUTH) {
+ gssDeleteSecContext(&tmpMinor, &ctx->kerberosCtx, GSS_C_NO_BUFFER);
+ } else
+#endif
 if (CTX_IS_INITIATOR(ctx)) {
 releaseInitiatorContext(&ctx->initiatorCtx);
 } else {
@@ -112,8 +127,9 @@ gssEapReleaseContext(OM_uint32 *minor,
 krb5_free_keyblock_contents(krbContext, &ctx->rfc3961Key);
 gssEapReleaseName(&tmpMinor, &ctx->initiatorName);
 gssEapReleaseName(&tmpMinor, &ctx->acceptorName);
- gss_release_oid(&tmpMinor, &ctx->mechanismUsed);
+ gssEapReleaseOid(&tmpMinor, &ctx->mechanismUsed);
 sequenceFree(&tmpMinor, &ctx->seqState);
+ gssEapReleaseCred(&tmpMinor, &ctx->defaultCred);
 GSSEAP_MUTEX_DESTROY(&ctx->mutex);
@@ -153,7 +169,7 @@ OM_uint32
 gssEapVerifyToken(OM_uint32 *minor,
 gss_ctx_id_t ctx,
 const gss_buffer_t inputToken,
- enum gss_eap_token_type tokenType,
+ enum gss_eap_token_type *actualToken,
 gss_buffer_t innerInputToken)
 {
 OM_uint32 major;
@@ -171,13 +187,15 @@ gssEapVerifyToken(OM_uint32 *minor,
 }
 major = verifyTokenHeader(minor, oid, &bodySize, &p,
- inputToken->length, tokenType);
+ inputToken->length, actualToken);
 if (GSS_ERROR(major))
- return GSS_S_DEFECTIVE_TOKEN;
+ return major;
 if (ctx->mechanismUsed == GSS_C_NO_OID) {
- if (!gssEapIsConcreteMechanismOid(oid))
+ if (!gssEapIsConcreteMechanismOid(oid)) {
+ *minor = GSSEAP_WRONG_MECH;
 return GSS_S_BAD_MECH;
+ }
 if (!gssEapInternalizeOid(oid, &ctx->mechanismUsed)) {
 major = duplicateOid(minor, oid, &ctx->mechanismUsed);
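Review bot: The `} else` left dangling across `#endif` in gssEapReleaseContext() ties the following `if (CTX_IS_INITIATOR(ctx))` chain to the reauth branch only when GSSEAP_ENABLE_REAUTH is defined, so a statement later inserted between `#endif` and that `if` would silently change which cleanup runs. It also means a context with CTX_FLAG_KRB_REAUTH set never reaches releaseInitiatorContext() or releaseAcceptorContext(); that is leak-free only if EAP/RADIUS state and `kerberosCtx` are never live together, which these lines do not show. I would state that invariant next to the branch, e.g. `/* reauth contexts own only kerberosCtx; no EAP/RADIUS state exists to release */`, or release both if the fields are in fact separate. The function starts and ends outside this hunk.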
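Review bot: Turning `tokenType` into the out-parameter `actualToken` means gssEapVerifyToken() is no longer told which token type the caller expects, so, unless verifyTokenHeader() treats the pointer as in/out (not visible here), the type check moves to every call site. A caller that does not compare `*actualToken` with what its current state allows would accept a well-formed token of the wrong type. I would put the contract on the function, e.g. `/* On success *actualToken is the type found in the header; the caller MUST reject types not valid in its state. */`, and confirm each caller does so. The same applies to the `verifyTokenHeader(..., actualToken)` call in the next hunk; the function body continues outside both hunks.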
@@ -192,3 +210,27 @@ gssEapVerifyToken(OM_uint32 *minor,
 *minor = 0;
 return GSS_S_COMPLETE;
 }
+
+OM_uint32
+gssEapContextTime(OM_uint32 *minor,
+ gss_ctx_id_t context_handle,
+ OM_uint32 *time_rec)
+{
+ *minor = 0;
+
+ if (context_handle->expiryTime == 0) {
+ *time_rec = GSS_C_INDEFINITE;
+ } else {
+ time_t now, lifetime;
+
+ time(&now);
+ lifetime = context_handle->expiryTime - now;
+ if (lifetime <= 0) {
+ *time_rec = 0;
+ return GSS_S_CONTEXT_EXPIRED;
+ }
+ *time_rec = lifetime;
+ }
+
+ return GSS_S_COMPLETE;
+}
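Review bot: `*time_rec = lifetime;` in gssEapContextTime() narrows a `time_t` to `OM_uint32` with no bound, so where `time_t` is 64 bits a far-future `expiryTime` wraps to an unrelated smaller lifetime, or to exactly `GSS_C_INDEFINITE`. I would clamp instead: `*time_rec = ((unsigned long long)lifetime >= GSS_C_INDEFINITE) ? GSS_C_INDEFINITE - 1 : (OM_uint32)lifetime;` (the cast is safe because `lifetime > 0` at that point). The result of `time(&now)` is also unchecked; on failure `now` is `(time_t)-1` and the context appears to have one more second than `expiryTime` says, so `if (time(&now) == (time_t)-1) return GSS_S_FAILURE;` with a suitable minor code would be safer. Finally, `expiryTime` is read without taking the context mutex that gssEapReleaseContext destroys; if callers do not already hold it, that deserves at least a comment.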