X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=util_context.c;h=37edb638eaa986481987c43163145020c455d646;hb=aa3e3279477f71dbe2efb212cedea1c0929f25e8;hp=eff975ca502c5da151c5df5855ff5969f0e20a53;hpb=8d5242de8807f650fd9634fad250bf3d0d8dbbb2;p=mech_eap.orig
diff --git a/util_context.c b/util_context.c
index eff975c..37edb63 100644
--- a/util_context.c
+++ b/util_context.c
@@ -53,7 +53,7 @@ gssEapAllocContext(OM_uint32 *minor,
 return GSS_S_FAILURE;
 }
- ctx->state = EAP_STATE_AUTHENTICATE;
+ ctx->state = EAP_STATE_IDENTITY;
 /*
 * Integrity, confidentiality, sequencing and replay detection are
@@ -74,16 +74,22 @@ gssEapAllocContext(OM_uint32 *minor,
 }
 static void
-releaseInitiatorContext(struct eap_gss_initiator_ctx *ctx)
+releaseInitiatorContext(struct gss_eap_initiator_ctx *ctx)
 {
 eap_peer_sm_deinit(ctx->eap);
 }
 static void
-releaseAcceptorContext(struct eap_gss_acceptor_ctx *ctx)
+releaseAcceptorContext(struct gss_eap_acceptor_ctx *ctx)
 {
- eap_server_sm_deinit(ctx->eap);
- tls_deinit(ctx->tlsContext);
+ OM_uint32 tmpMinor;
+
+ if (ctx->avps != NULL)
+ rc_avpair_free(ctx->avps);
+ if (ctx->radHandle != NULL)
+ rc_config_free(ctx->radHandle);
+
+ gss_release_buffer(&tmpMinor, &ctx->state);
 }
 OM_uint32
@@ -100,6 +106,11 @@ gssEapReleaseContext(OM_uint32 *minor,
 gssEapKerberosInit(&tmpMinor, &krbContext);
+#ifdef GSSEAP_ENABLE_REAUTH
+ if (ctx->flags & CTX_FLAG_KRB_REAUTH_GSS) {
+ gssDeleteSecContext(&tmpMinor, &ctx->kerberosCtx, GSS_C_NO_BUFFER);
+ } else
+#endif
 if (CTX_IS_INITIATOR(ctx)) {
 releaseInitiatorContext(&ctx->initiatorCtx);
 } else {
@@ -110,7 +121,7 @@ gssEapReleaseContext(OM_uint32 *minor,
 gssEapReleaseName(&tmpMinor, &ctx->initiatorName);
 gssEapReleaseName(&tmpMinor, &ctx->acceptorName);
 gss_release_oid(&tmpMinor, &ctx->mechanismUsed);
- sequenceFree(&ctx->seqState);
+ sequenceFree(&tmpMinor, &ctx->seqState);
 GSSEAP_MUTEX_DESTROY(&ctx->mutex);
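Review bot: In releaseAcceptorContext the RADIUS handle is torn down with `rc_config_free(ctx->radHandle)`, which in the radiusclient API frees the handle's configuration options; whether the handle itself and its dictionary are released as well cannot be seen from this hunk. If radHandle is obtained from rc_read_config() (its creation is outside the visible lines), the matching call would be `rc_destroy(ctx->radHandle);`, otherwise every released acceptor context may leave memory behind in a long-running acceptor. Neither pointer is cleared after being freed; `ctx->avps = NULL;` and `ctx->radHandle = NULL;` would make a second release of the same context harmless.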
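Review bot: The `} else` placed directly before `#endif` in gssEapReleaseContext makes the following `if (CTX_IS_INITIATOR(ctx))` an else-branch only when GSSEAP_ENABLE_REAUTH is defined, a construct that is easy to break when either side is edited later. On the re-authentication path neither releaseInitiatorContext nor releaseAcceptorContext runs, which is correct only if kerberosCtx shares storage with, or replaces, initiatorCtx/acceptorCtx; the struct definition is not on this page. If that holds, a comment such as `/* reauth contexts hold only kerberosCtx; no EAP initiator/acceptor state to release */` above the `#ifdef` would record the assumption. The body of gssEapReleaseContext starts and ends outside the hunk.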
@@ -150,7 +161,7 @@ OM_uint32
 gssEapVerifyToken(OM_uint32 *minor,
 gss_ctx_id_t ctx,
 const gss_buffer_t inputToken,
- enum gss_eap_token_type tokenType,
+ enum gss_eap_token_type *actualToken,
 gss_buffer_t innerInputToken)
 {
 OM_uint32 major;
@@ -167,7 +178,8 @@ gssEapVerifyToken(OM_uint32 *minor,
 oid = &oidBuf;
 }
- major = verifyTokenHeader(oid, &bodySize, &p, inputToken->length, tokenType);
+ major = verifyTokenHeader(minor, oid, &bodySize, &p,
+ inputToken->length, actualToken);
 if (GSS_ERROR(major))
 return major;
@@ -188,3 +200,35 @@ gssEapVerifyToken(OM_uint32 *minor,
 *minor = 0;
 return GSS_S_COMPLETE;
 }
+
+OM_uint32
+gssEapContextTime(OM_uint32 *minor,
+ gss_ctx_id_t context_handle,
+ OM_uint32 *time_rec)
+{
+ if (context_handle == GSS_C_NO_CONTEXT) {
+ return GSS_S_NO_CONTEXT;
+ }
+
+ if (!CTX_IS_ESTABLISHED(context_handle)) {
+ return GSS_S_NO_CONTEXT;
+ }
+
+ *minor = 0;
+
+ if (context_handle->expiryTime == 0) {
+ *time_rec = GSS_C_INDEFINITE;
+ } else {
+ time_t now, lifetime;
+
+ time(&now);
+ lifetime = context_handle->expiryTime - now;
+ if (lifetime <= 0) {
+ *time_rec = 0;
+ return GSS_S_CONTEXT_EXPIRED;
+ }
+ *time_rec = lifetime;
+ }
+
+ return GSS_S_COMPLETE;
+}
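Review bot: With `enum gss_eap_token_type *actualToken` the token type becomes an output of gssEapVerifyToken rather than an expectation passed in by the caller, so the check that a token's type is valid for the current context state presumably now has to be made by each caller; none of those call sites is visible here. The function should carry a comment saying so, for example `/* On success *actualToken is the type found in the token header; the caller must reject types not valid for the context's state. */`. The call to verifyTokenHeader in the following hunk forwards the pointer as is, so the comment should also state whether NULL is permitted. The body of gssEapVerifyToken extends beyond both hunks.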
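Review bot: gssEapContextTime returns GSS_S_NO_CONTEXT from both early checks before `*minor = 0;` has run, so a caller that inspects the minor status after such a failure reads whatever its variable held; making `*minor = 0;` the first statement of the function fixes that. `*time_rec` is likewise left unset on those two paths, and setting `*time_rec = 0;` next to it would give callers a defined value. The assignment `*time_rec = lifetime;` narrows time_t to OM_uint32, and a clamp such as `*time_rec = lifetime > 0xfffffffe ? 0xfffffffe : (OM_uint32)lifetime;` keeps a very long lifetime from wrapping or being read as GSS_C_INDEFINITE.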