From: Luke Howard Date: Mon, 13 Sep 2010 20:31:11 +0000 (+0200) Subject: Plug builtin EAP back in X-Git-Url: http://www.project-moonshot.org/gitweb/?p=cyrus-sasl.git;a=commitdiff_plain;h=5f24e7997b1bbfba28c01ef7d73f919d048b4329 Plug builtin EAP back in --- diff --git a/mech_eap/accept_sec_context.c b/mech_eap/accept_sec_context.c index 491ce46..4d68918 100644 --- a/mech_eap/accept_sec_context.c +++ b/mech_eap/accept_sec_context.c @@ -32,8 +32,6 @@ #include "gssapiP_eap.h" -//#define BUILTIN_EAP - #ifdef BUILTIN_EAP #define EAP_KEY_AVAILABLE(ctx) ((ctx)->acceptorCtx.eapPolInterface->eapKeyAvailable) #define EAP_KEY_DATA(ctx) ((ctx)->acceptorCtx.eapPolInterface->eapKeyData) 
@@ -44,52 +42,8 @@ #define EAP_KEY_LENGTH(ctx) 0 #endif /* BUILTIN_EAP */ -/* - * Mark a context as ready for cryptographic operations - */ static OM_uint32 -acceptReady(OM_uint32 *minor, gss_ctx_id_t ctx) -{ - OM_uint32 major; - - /* Cache encryption type derived from selected mechanism OID */ - major = gssEapOidToEnctype(minor, ctx->mechanismUsed, &ctx->encryptionType); - if (GSS_ERROR(major)) - return major; - - if (ctx->encryptionType != ENCTYPE_NULL && - EAP_KEY_AVAILABLE(ctx)) { - major = gssEapDeriveRfc3961Key(minor, - EAP_KEY_DATA(ctx), - EAP_KEY_LENGTH(ctx), - ctx->encryptionType, - &ctx->rfc3961Key); - if (GSS_ERROR(major)) - return major; - - major = rfc3961ChecksumTypeForKey(minor, &ctx->rfc3961Key, - &ctx->checksumType); - if (GSS_ERROR(major)) - return major; - } else { - /* - * draft-howlett-eap-gss says that integrity/confidentialty should - * always be advertised as available, but if we have no keying - * material it seems confusing to the caller to advertise this. - */ - ctx->gssFlags &= ~(GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG); - } - - major = sequenceInit(minor, - &ctx->seqState, ctx->recvSeq, - ((ctx->gssFlags & GSS_C_REPLAY_FLAG) != 0), - ((ctx->gssFlags & GSS_C_SEQUENCE_FLAG) != 0), - TRUE); - if (GSS_ERROR(major)) - return major; - - return GSS_S_COMPLETE; -} +acceptReady(OM_uint32 *minor, gss_ctx_id_t ctx); #ifdef BUILTIN_EAP #define EAP_MAX_METHODS 8 
@@ -573,3 +527,50 @@ cleanup: return major; } + +/* + * Mark a context as ready for cryptographic operations + */ +static OM_uint32 +acceptReady(OM_uint32 *minor, gss_ctx_id_t ctx) +{ + OM_uint32 major; + + /* Cache encryption type derived from selected mechanism OID */ + major = gssEapOidToEnctype(minor, ctx->mechanismUsed, &ctx->encryptionType); + if (GSS_ERROR(major)) + return major; + + if (ctx->encryptionType != ENCTYPE_NULL && + EAP_KEY_AVAILABLE(ctx)) { + major = gssEapDeriveRfc3961Key(minor, + EAP_KEY_DATA(ctx), + EAP_KEY_LENGTH(ctx), + ctx->encryptionType, + &ctx->rfc3961Key); + if (GSS_ERROR(major)) + return major; + + major = rfc3961ChecksumTypeForKey(minor, &ctx->rfc3961Key, + &ctx->checksumType); + if (GSS_ERROR(major)) + return major; + } else { + /* + * draft-howlett-eap-gss says that integrity/confidentialty should + * always be advertised as available, but if we have no keying + * material it seems confusing to the caller to advertise this. + */ + ctx->gssFlags &= ~(GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG); + } + + major = sequenceInit(minor, + &ctx->seqState, ctx->recvSeq, + ((ctx->gssFlags & GSS_C_REPLAY_FLAG) != 0), + ((ctx->gssFlags & GSS_C_SEQUENCE_FLAG) != 0), + TRUE); + if (GSS_ERROR(major)) + return major; + + return GSS_S_COMPLETE; +} diff --git a/mech_eap/gssapiP_eap.h b/mech_eap/gssapiP_eap.h index e02927c..3c6968d 100644 --- a/mech_eap/gssapiP_eap.h +++ b/mech_eap/gssapiP_eap.h @@ -33,6 +33,8 @@ #ifndef _GSSAPIP_EAP_H_ #define _GSSAPIP_EAP_H_ 1 +#define BUILTIN_EAP 1 + #include #include #include @@ -119,9 +121,11 @@ struct eap_gss_initiator_ctx { }; struct eap_gss_acceptor_ctx { +#ifdef BUILTIN_EAP struct eap_eapol_interface *eapPolInterface; void *tlsContext; struct eap_sm *eap; +#endif }; struct gss_ctx_id_struct {
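Review bot: The `else` branch of `acceptReady` (moved here unchanged) still lets the exchange end in `GSS_S_COMPLETE` when no EAP key is available, clearing only `GSS_C_INTEG_FLAG` and `GSS_C_CONF_FLAG`. `GSS_C_REPLAY_FLAG` and `GSS_C_SEQUENCE_FLAG` stay set and `sequenceInit` still runs, although both services depend on per-message protection that a keyless context cannot provide. A caller that does not inspect the returned flags would treat such a context as protected, so I would either fail the exchange unless a keyless method is explicitly permitted, or clear the dependent flags as well: `ctx->gssFlags &= ~(GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG);`. Nothing visible checks `EAP_KEY_LENGTH(ctx)` against a minimum before `gssEapDeriveRfc3961Key`; the helper may do this itself, but it is worth confirming now that the built-in path supplies real key data. The comment also misspells "confidentiality".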
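Review bot: `#define BUILTIN_EAP 1` in the `@@ -33,6 +33,8 @@` hunk of gssapiP_eap.h is unconditional, so the built-in EAP path is compiled into every build and cannot be turned off without editing the header. Because the code tests it with `#ifdef`, the value carries no meaning, and a `-DBUILTIN_EAP=0` on the command line would clash with this definition rather than disable the feature. A switch that selects where the acceptor gets its key material belongs in the build configuration, with the header supplying at most a guarded default: `#ifndef BUILTIN_EAP` / `#define BUILTIN_EAP 1` / `#endif`. If it stays in the header, a short comment should say what it enables and whether it is intended for production builds.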
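Review bot: With all three members inside `#ifdef BUILTIN_EAP` (hunk `@@ -119,9 +121,11 @@`), `struct eap_gss_acceptor_ctx` has no members when the macro is undefined. ISO C does not allow an empty struct, and compilers accept it only as an extension. The macros in accept_sec_context.c reach this struct through `(ctx)->acceptorCtx`, so the context layout would also differ between translation units if `BUILTIN_EAP` ever became a per-file or command-line setting. I would keep the members unconditional or add a placeholder member in an `#else` branch. A comment stating who owns and releases `tlsContext` and `eap` would also help, since no release code is visible in this diff.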