if (GSS_ERROR(major))
goto cleanup;
- major = addRadiusAttributeFromBuffer(minor, rh, &send,
- PW_USER_NAME, &nameBuf);
+ major = addAvpFromBuffer(minor, rh, &send, PW_USER_NAME, &nameBuf);
if (GSS_ERROR(major))
goto cleanup;
}
- major = addRadiusAttributeFromBuffer(minor, rh, &send, PW_EAP_MESSAGE,
- inputToken);
+ major = addAvpFromBuffer(minor, rh, &send, PW_EAP_MESSAGE, inputToken);
if (GSS_ERROR(major))
goto cleanup;
if (ctx->acceptorCtx.lastStatus == PW_ACCESS_CHALLENGE) {
- major = addRadiusAttributeFromBuffer(minor, rh, &send, PW_STATE,
- &ctx->acceptorCtx.state);
+ major = addAvpFromBuffer(minor, rh, &send, PW_STATE,
+ &ctx->acceptorCtx.state);
if (GSS_ERROR(major))
goto cleanup;
ctx->acceptorCtx.lastStatus = code;
if (code == OK_RC || code == PW_ACCESS_CHALLENGE) {
- major = getBufferFromRadiusAttributes(minor, received, PW_EAP_MESSAGE,
- outputToken);
+ major = getBufferFromAvps(minor, received, PW_EAP_MESSAGE, outputToken);
if (GSS_ERROR(major))
goto cleanup;
if (code == PW_ACCESS_CHALLENGE) {
- major = getBufferFromRadiusAttributes(minor, received, PW_STATE,
- &ctx->acceptorCtx.state);
+ major = getBufferFromAvps(minor, received, PW_STATE,
+ &ctx->acceptorCtx.state);
if (GSS_ERROR(major))
goto cleanup;
}
#include <wpabuf.h>
#endif
-#ifdef __cplusplus
-struct rc_conf;
-typedef struct rc_conf rc_handle;
-
-struct value_pair;
-typedef struct value_pair VALUE_PAIR;
-#else
#include <freeradius-client.h>
#include <freeradius/radius.h>
-#endif
#include "util.h"
return GSS_S_COMPLETE;
}
-static gss_buffer_desc emptyBuffer = GSS_C_EMPTY_BUFFER;
-
static OM_uint32
eapGssSmInitIdentity(OM_uint32 *minor,
gss_cred_id_t cred,
gss_buffer_t inputToken,
gss_buffer_t outputToken)
{
- int initialContextToken;
time_t now;
OM_uint32 major;
+ int initialContextToken;
initialContextToken = (inputToken == GSS_C_NO_BUFFER ||
inputToken->length == 0);
if (!gssEapCredAvailable(cred, ctx->mechanismUsed))
return GSS_S_BAD_MECH;
- major = duplicateBuffer(minor, &emptyBuffer, outputToken);
- if (GSS_ERROR(major))
- return major;
-
ctx->state = EAP_STATE_AUTHENTICATE;
return GSS_S_CONTINUE_NEEDED;
}
+static struct wpabuf emptyWpaBuffer;
+
static OM_uint32
eapGssSmInitAuthenticate(OM_uint32 *minor,
gss_cred_id_t cred,
OM_uint32 tmpMinor;
int code;
struct wpabuf *resp = NULL;
+ int initialContextToken;
+
+ initialContextToken = (inputToken == GSS_C_NO_BUFFER ||
+ inputToken->length == 0);
major = peerConfigInit(minor, cred, ctx);
if (GSS_ERROR(major))
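Review bot: `initialContextToken` accepts `inputToken == GSS_C_NO_BUFFER`, so the rest of this function now runs with a possibly null `inputToken`, and nothing in the visible lines guards later uses of it. The body continues outside this hunk; if the EAP request buffer is still filled from `inputToken->value` and `inputToken->length` before `eap_peer_sm_step()`, that would be a null dereference on the first call, and should then be guarded with `if (!initialContextToken)`. The unconditional `ctx->flags |= CTX_FLAG_EAP_REQ; /* we have a Request from the acceptor */` further down is also no longer accurate for the initial call. At minimum, add a comment here stating that `inputToken` may be `GSS_C_NO_BUFFER` in this state.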
struct eap_config eapConfig;
memset(&eapConfig, 0, sizeof(eapConfig));
- ctx->flags |= CTX_FLAG_EAP_PORT_ENABLED;
ctx->initiatorCtx.eap = eap_peer_sm_init(ctx,
&gssEapPolicyCallbacks,
major = GSS_S_FAILURE;
goto cleanup;
}
+
+ ctx->flags |= CTX_FLAG_EAP_RESTART | CTX_FLAG_EAP_PORT_ENABLED;
}
ctx->flags |= CTX_FLAG_EAP_REQ; /* we have a Request from the acceptor */
code = eap_peer_sm_step(ctx->initiatorCtx.eap);
if (ctx->flags & CTX_FLAG_EAP_RESP) {
-
ctx->flags &= ~(CTX_FLAG_EAP_RESP);
resp = eap_get_eapRespData(ctx->initiatorCtx.eap);
- if (resp != NULL) {
- }
} else if (ctx->flags & CTX_FLAG_EAP_SUCCESS) {
major = initReady(minor, ctx);
if (GSS_ERROR(major))
ctx->state = EAP_STATE_GSS_CHANNEL_BINDINGS;
} else if (ctx->flags & CTX_FLAG_EAP_FAIL) {
major = GSS_S_DEFECTIVE_CREDENTIAL;
- } else if (code == 0) {
+ } else if (code == 0 && initialContextToken) {
+ resp = &emptyWpaBuffer;
+ major = GSS_S_CONTINUE_NEEDED;
+ } else {
major = GSS_S_FAILURE;
}
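Review bot: `resp = &emptyWpaBuffer;` makes `resp` point at a writable file-scope object, while on the `CTX_FLAG_EAP_RESP` path the same variable holds what `eap_get_eapRespData()` returned. The cleanup code is outside this hunk, so check that nothing frees or writes through `resp`, since the static is shared by every context in the process. I would document that at the assignment, e.g. `/* borrowed, zero-length static: never free or modify via resp */`. Separately, the new final `else` also turns a non-zero `code` with none of the three flags set into `GSS_S_FAILURE`, which the old `else if (code == 0)` did not. Failing closed there looks right for an authentication state machine, but a short comment saying it is intentional would help.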
extern "C" {
#endif
-#ifndef __cplusplus
static inline OM_uint32
-addRadiusAttributeFromBuffer(OM_uint32 *minor,
- rc_handle *rh,
- VALUE_PAIR **vp,
- int type,
- gss_buffer_t buffer)
+addAvpFromBuffer(OM_uint32 *minor,
+ rc_handle *rh,
+ VALUE_PAIR **vp,
+ int type,
+ gss_buffer_t buffer)
{
if (rc_avpair_add(rh, vp, type, buffer->value, buffer->length, 0) == NULL) {
*minor = ENOMEM;
}
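Review bot: `rc_avpair_add()` is handed `buffer->length`, a `size_t`, where the freeradius-client API takes an `int`, and the helper puts no bound on it. At the `PW_EAP_MESSAGE` call site the buffer is `inputToken`, which is peer-supplied, and a RADIUS attribute value cannot exceed 253 octets, so a longer EAP message has to be split across several attributes; nothing visible here does that, so confirm how oversized tokens are handled. Every NULL return is also reported as `ENOMEM`, which would hide a length rejection behind an out-of-memory error. At minimum add `if (buffer->length > INT_MAX) { *minor = ERANGE; return GSS_S_FAILURE; }` before the call. The function body continues past the end of this hunk.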
static inline OM_uint32
-getBufferFromRadiusAttributes(OM_uint32 *minor,
- VALUE_PAIR *vps,
- int type,
- gss_buffer_t buffer)
+getBufferFromAvps(OM_uint32 *minor,
+ VALUE_PAIR *vps,
+ int type,
+ gss_buffer_t buffer)
{
VALUE_PAIR *vp;
gss_buffer_desc tmp = GSS_C_EMPTY_BUFFER;
return duplicateBuffer(minor, &tmp, buffer);
}
-#endif
OM_uint32 gssEapRadiusAttrProviderInit(OM_uint32 *minor);
OM_uint32 gssEapRadiusAttrProviderFinalize(OM_uint32 *minor);
* limitations under the License.
*/
-#include "gssapiP_eap.h"
-
#include <shibsp/exceptions.h>
#include <shibsp/attribute/SimpleAttribute.h>
#include <shibsp/handler/AssertionConsumerService.h>
#include <shibresolver/resolver.h>
+#include "gssapiP_eap.h"
+
using namespace shibsp;
using namespace shibresolver;
using namespace opensaml::saml2md;