more ISC work
authorLuke Howard <lukeh@padl.com>
Wed, 8 Sep 2010 21:05:36 +0000 (23:05 +0200)
committerLuke Howard <lukeh@padl.com>
Wed, 8 Sep 2010 21:05:36 +0000 (23:05 +0200)
mech_eap/context_time.c
mech_eap/init_sec_context.c
mech_eap/inquire_context.c
mech_eap/inquire_cred.c
mech_eap/release_oid.c
mech_eap/util.h
mech_eap/util_context.c
mech_eap/util_cred.c
mech_eap/util_mech.c
mech_eap/util_oid.c

index 8f111d6..ee330f1 100644 (file)
@@ -37,8 +37,6 @@ gss_context_time(OM_uint32 *minor,
                  gss_ctx_id_t context_handle,
                  OM_uint32 *time_rec)
 {
-    time_t now, lifetime;
-
     if (context_handle == GSS_C_NO_CONTEXT) {
         return GSS_S_NO_CONTEXT;
     }
@@ -49,13 +47,19 @@ gss_context_time(OM_uint32 *minor,
 
     *minor = 0;
 
-    time(&now);
-    lifetime = context_handle->expiryTime - now;
-    if (lifetime <= 0) {
-        *time_rec = 0;
-        return GSS_S_CONTEXT_EXPIRED;
+    if (context_handle->expiryTime == 0) {
+        *time_rec = GSS_C_INDEFINITE;
+    } else {
+        time_t now, lifetime;
+
+        time(&now);
+        lifetime = context_handle->expiryTime - now;
+        if (lifetime <= 0) {
+            *time_rec = 0;
+            return GSS_S_CONTEXT_EXPIRED;
+        }
+        *time_rec = lifetime;
     }
 
-    *time_rec = lifetime;
     return GSS_S_COMPLETE;
 }
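Review bot: `*time_rec = lifetime;` stores a time_t into an OM_uint32 with no bound, so where time_t is 64-bit a very long remaining lifetime wraps, and the value 0xffffffff collides with GSS_C_INDEFINITE, which this hunk now reserves for contexts with `expiryTime == 0`. Clamping before the store keeps the two meanings apart: `*time_rec = lifetime > (time_t)(GSS_C_INDEFINITE - 1) ? GSS_C_INDEFINITE - 1 : (OM_uint32)lifetime;`. The result of `time(&now)` is also unchecked; on failure `now` is (time_t)-1 and the computed lifetime is meaningless.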
index 5729842..b52a00e 100644 (file)
@@ -151,7 +151,44 @@ eapGssSmAuthenticate(OM_uint32 *minor,
                      gss_buffer_t input_token,
                      gss_buffer_t output_token)
 {
-    GSSEAP_NOT_IMPLEMENTED;
+    OM_uint32 major, tmpMinor;
+    time_t now;
+
+    if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) {
+        /* first time */
+        req_flags &= GSS_C_TRANS_FLAG | GSS_C_REPLAY_FLAG | GSS_C_DCE_STYLE;
+        ctx->gssFlags |= req_flags;
+
+        time(&now);
+
+        if (time_req == 0 || time_req == GSS_C_INDEFINITE)
+            ctx->expiryTime = 0;
+        else
+            ctx->expiryTime = now + time_req;
+
+        major = gss_duplicate_name(minor, cred->name, &ctx->initiatorName);
+        if (GSS_ERROR(major))
+            goto cleanup;
+
+        major = gss_duplicate_name(minor, target_name, &ctx->acceptorName);
+        if (GSS_ERROR(major))
+            goto cleanup;
+
+        if (mech_type == GSS_C_NULL_OID ||
+            oidEqual(mech_type, GSS_EAP_MECHANISM)) {
+            major = gssEapDefaultMech(minor, &ctx->mechanismUsed);
+        } else if (gssEapIsMechanismOid(mech_type)) {
+            if (!gssEapInternalizeOid(mech_type, &ctx->mechanismUsed))
+                major = duplicateOid(minor, mech_type, &ctx->mechanismUsed);
+        } else {
+            major = GSS_S_BAD_MECH;
+        }
+        if (GSS_ERROR(major))
+            goto cleanup;
+    }
+
+cleanup:
+    return major;
 }
 
 static eap_gss_initiator_sm eapGssSm[] = {
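Review bot: `major` is returned uninitialised at `return major;` whenever input_token carries data, because `OM_uint32 major, tmpMinor;` is only ever assigned inside the first-time branch, so the state loop in gss_init_sec_context then acts on garbage. Initialising it, `OM_uint32 major = GSS_S_COMPLETE;`, closes that hole, and `tmpMinor` is never used in this function and can be dropped. On a second call the function currently does nothing with the token; if that is intentional for work in progress, a `/* TODO: process the peer's response token */` at the end of the `if` would stop it being mistaken for finished code. The signature of eapGssSmAuthenticate starts before the hunk.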
@@ -199,6 +236,8 @@ gss_init_sec_context(OM_uint32 *minor,
         major = gssEapAllocContext(minor, &ctx);
         if (GSS_ERROR(major))
             goto cleanup;
+
+        *pCtx = ctx;
     }
 
     for (; ctx->state != EAP_STATE_ESTABLISHED; ctx->state++) {
@@ -220,8 +259,10 @@ gss_init_sec_context(OM_uint32 *minor,
         }
     }
 
-    if (actual_mech_type != NULL)
-        *actual_mech_type = ctx->mechanismUsed;
+    if (actual_mech_type != NULL) {
+        if (!gssEapInternalizeOid(ctx->mechanismUsed, actual_mech_type))
+            duplicateOid(&tmpMinor, ctx->mechanismUsed, actual_mech_type);
+    }
     if (ret_flags != NULL)
         *ret_flags = ctx->gssFlags;
     if (time_rec != NULL)
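Review bot: The status of `duplicateOid(&tmpMinor, ctx->mechanismUsed, actual_mech_type)` is discarded, so when the copy fails the caller gets `*actual_mech_type == GSS_C_NO_OID` (duplicateOid clears it first, see util_oid.c) together with a success return. Check it and fail the call instead: `if (GSS_ERROR(duplicateOid(minor, ctx->mechanismUsed, actual_mech_type))) { major = GSS_S_FAILURE; goto cleanup; }`. The body of gss_init_sec_context continues on both sides of this hunk.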
@@ -231,7 +272,7 @@ gss_init_sec_context(OM_uint32 *minor,
 
 cleanup:
     if (GSS_ERROR(major))
-        gssEapReleaseContext(&tmpMinor, &ctx);
+        gssEapReleaseContext(&tmpMinor, pCtx);
 
     return major;
 }
index d1143e8..abe6c62 100644 (file)
@@ -65,16 +65,16 @@ gss_inquire_context(OM_uint32 *minor,
     }
 
     if (lifetime_rec != NULL) {
-        time_t now = time(NULL);
-        time_t lifetime;
+        time_t now, lifetime;
 
-        if (ctx->expiryTime == ~0)
+        if (ctx->expiryTime == 0) {
             lifetime = GSS_C_INDEFINITE;
-        else
+        } else {
+            now = time(NULL);
             lifetime = now - ctx->expiryTime;
-
-        if (lifetime < 0)
-            lifetime = 0;
+            if (lifetime < 0)
+                lifetime = 0;
+        }
 
         *lifetime_rec = lifetime;
     }
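Review bot: `lifetime = now - ctx->expiryTime;` has its operands reversed: for an unexpired context the result is negative and the clamp below turns it into 0, so every context with a finite expiry is reported as already expired, while context_time.c in this same commit computes `context_handle->expiryTime - now`. The same reversed subtraction is in the inquire_cred.c hunk (`lifetime = now - cred->expiryTime;`). Both should read `lifetime = ctx->expiryTime - now;` and `lifetime = cred->expiryTime - now;` respectively. With `cred->expiryTime = ~0;` removed from gssEapAllocCred in util_cred.c, the credential path now depends on the allocation leaving expiryTime zeroed for the new `== 0` indefinite check to hold; worth confirming the allocator zero-fills.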
index 986bdf6..e2d8371 100644 (file)
@@ -49,16 +49,16 @@ gss_inquire_cred(OM_uint32 *minor,
     }
 
     if (pLifetime != NULL) {
-        time_t now = time(NULL);
-        time_t lifetime; 
+        time_t now, lifetime; 
  
-        if (cred->expiryTime == ~0) 
+        if (cred->expiryTime == 0) {
             lifetime = GSS_C_INDEFINITE; 
-        else 
+        } else  {
+            now = time(NULL);
             lifetime = now - cred->expiryTime;
-
-        if (lifetime < 0)
-            lifetime = 0;
+            if (lifetime < 0)
+                lifetime = 0;
+        }
 
         *pLifetime = lifetime;
     }
index 874efc2..768555d 100644 (file)
@@ -39,9 +39,7 @@ gss_internal_release_oid(OM_uint32 *minor,
     OM_uint32 major;
     gss_OID internalizedOid = GSS_C_NO_OID;
 
-    gssEapInternalizeOid(*oid, &internalizedOid);
-
-    if (*oid != internalizedOid) {
+    if (gssEapInternalizeOid(*oid, &internalizedOid)) {
         /* OID was internalized, so we can mark it as "freed" */
         *oid = GSS_C_NO_OID;
         return GSS_S_COMPLETE;
index 2a098d7..c9fd543 100644 (file)
@@ -155,7 +155,7 @@ gssEapKerberosInit(OM_uint32 *minor, krb5_context *context);
     } while (0)
 
 /* util_mech.c */
-void
+int
 gssEapInternalizeOid(const gss_OID oid,
                      gss_OID *const pInternalizedOid);
 
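Review bot: The new int return of gssEapInternalizeOid is undocumented, and its meaning decides ownership: util_mech.c returns 1 when *pInternalizedOid was replaced by an internal OID and 0 when it merely aliases the input, and release_oid.c frees only in the latter case. A comment on the prototype would save the next reader a trip through util_mech.c: `/* Returns 1 if *pInternalizedOid now refers to an internal OID that must not be freed, 0 if it aliases oid and the caller still owns that storage. */`.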
@@ -234,6 +234,11 @@ decomposeOid(OM_uint32 *minor_status,
              int *suffix) ;
 
 OM_uint32
+duplicateOid(OM_uint32 *minor_status,
+             const gss_OID_desc * const oid,
+             gss_OID *new_oid);
+
+OM_uint32
 duplicateOidSet(OM_uint32 *minor,
                 const gss_OID_set src,
                 gss_OID_set *dst);
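Review bot: The duplicateOid prototype names its first parameter `minor_status`, while the definition in util_oid.c, the neighbouring duplicateOidSet prototype and the renames elsewhere in this commit all use `minor`; the header should match: `duplicateOid(OM_uint32 *minor,`. The declaration also gives no hint that the result is heap-allocated and owned by the caller; a line such as `/* On success *new_oid is a fresh copy owned by the caller, who must release it. */` would pin that down.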
index 33324de..0375108 100644 (file)
@@ -55,6 +55,18 @@ gssEapAllocContext(OM_uint32 *minor,
 
     ctx->state = EAP_STATE_AUTHENTICATE;
 
+    /*
+     * Integrity, confidentiality, sequencing and replay detection are
+     * always available.  Regardless of what flags are requested in
+     * GSS_Init_sec_context, implementations MUST set the flag corresponding
+     * to these services in the output of GSS_Init_sec_context and
+     * GSS_Accept_sec_context.
+    */
+    ctx->gssFlags = GSS_C_INTEG_FLAG    |
+                    GSS_C_CONF_FLAG     |
+                    GSS_C_SEQUENCE_FLAG |
+                    GSS_C_REPLAY_FLAG;
+
     *pCtx = ctx;
 
     return GSS_S_COMPLETE;
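Review bot: The closing `*/` of the new block comment sits at four spaces, one column short of the ` *` lines above it, which otherwise follow the file's aligned comment style; make it `     */`. The quoted MUST reads as a citation, so naming the document it is taken from in the comment would let a reader verify the requirement.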
index 984ebac..7e659f6 100644 (file)
@@ -52,8 +52,6 @@ gssEapAllocCred(OM_uint32 *minor, gss_cred_id_t *pCred)
         return GSS_S_FAILURE;
     }
 
-    cred->expiryTime = ~0;
-
     *pCred = cred;
 
     *minor = 0;
index be83f5e..4aece80 100644 (file)
@@ -223,8 +223,7 @@ gssEapDefaultMech(OM_uint32 *minor,
         return GSS_S_BAD_MECH;
     }
 
-    gssEapInternalizeOid(&mechs->elements[0], oid);
-    if (*oid == &mechs->elements[0]) {
+    if (!gssEapInternalizeOid(&mechs->elements[0], oid)) {
         /* don't double-free if we didn't internalize it */
         mechs->elements[0].length = 0;
         mechs->elements[0].elements = NULL;
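Review bot: In the `!gssEapInternalizeOid(...)` branch `*oid` still aliases `&mechs->elements[0]`, so the two assignments that zero that element's length and elements also zero the descriptor `*oid` points at; unless the lines that follow the hunk first copy the descriptor into storage that outlives `mechs`, the caller receives an empty OID. If they do, a one-line comment stating it, `/* *oid aliases mechs->elements[0]; copied out below before mechs is released */`, would make the intent explicit. The body of gssEapDefaultMech continues past the hunk.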
@@ -236,7 +235,7 @@ gssEapDefaultMech(OM_uint32 *minor,
     return GSS_S_COMPLETE;
 }
 
-void
+int
 gssEapInternalizeOid(const gss_OID oid,
                      gss_OID *const pInternalizedOid)
 {
@@ -260,5 +259,8 @@ gssEapInternalizeOid(const gss_OID oid,
 
     if (*pInternalizedOid == GSS_C_NO_OID) {
         *pInternalizedOid = oid;
+        return 0;
     }
+
+    return 1;
 }
index 14b5f3b..af2f08f 100644 (file)
 
 #include "gssapiP_eap.h"
 
-#if 0
 OM_uint32
-copyOid(OM_uint32 *minor_status,
-        const gss_OID_desc * const oid,
-        gss_OID *new_oid)
+duplicateOid(OM_uint32 *minor,
+             const gss_OID_desc * const oid,
+             gss_OID *newOid)
 {
-    gss_OID         p;
+    gss_OID p;
 
-    *minor_status = 0;
+    *minor = 0;
+    *newOid = GSS_C_NO_OID;
 
-    p = (gss_OID) malloc(sizeof(gss_OID_desc));
-    if (!p) {
-        *minor_status = ENOMEM;
+    p = (gss_OID)GSSEAP_MALLOC(sizeof(*p));
+    if (p == NULL) {
+        *minor = ENOMEM;
         return GSS_S_FAILURE;
     }
     p->length = oid->length;
-    p->elements = malloc(p->length);
-    if (!p->elements) {
-        free(p);
+    p->elements = GSSEAP_MALLCO(p->length);
+    if (p->elements == NULL) {
+        GSSEAP_FREE(p);
         return GSS_S_FAILURE;
     }
+
     memcpy(p->elements, oid->elements, p->length);
-    *new_oid = p;
-    return(GSS_S_COMPLETE);
+    *newOid = p;
+
+    return GSS_S_COMPLETE;
 }
-#endif
 
 /* Compose an OID of a prefix and an integer suffix */
 OM_uint32
-composeOid(OM_uint32 *minor_status,
+composeOid(OM_uint32 *minor,
            const char *prefix,
            size_t prefix_len,
            int suffix,
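Review bot: `GSSEAP_MALLCO(p->length)` is a typo for `GSSEAP_MALLOC` and will not build (as an implicit declaration it fails to link at best), and the failure path right after it returns GSS_S_FAILURE without setting `*minor = ENOMEM` as the first allocation failure does. The fix is `p->elements = GSSEAP_MALLOC(p->length);` followed by `*minor = ENOMEM;` before the `GSSEAP_FREE(p);`. The cast in `(gss_OID)GSSEAP_MALLOC(sizeof(*p))` is unnecessary in C if the macro yields a `void *`. This hunk's `@@` header is absent from the page, so the surrounding context could not be checked.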
@@ -96,11 +97,11 @@ composeOid(OM_uint32 *minor_status,
     unsigned char *op;
 
     if (oid == GSS_C_NO_OID) {
-        *minor_status = EINVAL;
+        *minor = EINVAL;
         return GSS_S_FAILURE;
     }
     if (oid->length < prefix_len) {
-        *minor_status = ERANGE;
+        *minor = ERANGE;
         return GSS_S_FAILURE;
     }
 
@@ -115,7 +116,7 @@ composeOid(OM_uint32 *minor_status,
     suffix = osuffix;
 
     if (oid->length < prefix_len + nbytes) {
-        *minor_status = ERANGE;
+        *minor = ERANGE;
         return GSS_S_FAILURE;
     }
 
@@ -131,12 +132,12 @@ composeOid(OM_uint32 *minor_status,
 
     oid->length = prefix_len + nbytes;
 
-    *minor_status = 0;
+    *minor = 0;
     return GSS_S_COMPLETE;
 }
 
 OM_uint32
-decomposeOid(OM_uint32 *minor_status,
+decomposeOid(OM_uint32 *minor,
              const char *prefix,
              size_t prefix_len,
              gss_OID_desc *oid,
@@ -159,7 +160,7 @@ decomposeOid(OM_uint32 *minor_status,
     for (i = 0; i < slen; i++) {
         *suffix = (*suffix << 7) | (op[i] & 0x7f);
         if (i + 1 != slen && (op[i] & 0x80) == 0) {
-            *minor_status = EINVAL;
+            *minor = EINVAL;
             return GSS_S_FAILURE;
         }
     }