From: Mark Donnelly <mark@painless-security.com>
Date: Mon, 13 Jul 2015 19:02:56 +0000 (-0400)
Subject: Return an error when GSSInitSecContext is called with an unacceptable mechanism.
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=gssweb.git;a=commitdiff_plain;h=c9083c77ea799ce4de4994db505f82c3072f3756

Return an error when GSSInitSecContext is called with an unacceptable mechanism.

* Throw std::invalid_argument when the argument doesn't match the GSS_EAP mechanism
* Catch the std::invalid_argument exception within GSSRequest, and generate a somewhat meaningful JSON response with it:
  { method: "method_name",
    return_values:
    { major_status: -1,
      minor_status: -1,
      errors:
      { major_status_message: "An error occurred in parsing the JSON arguments.",
        minor_status_message: "1.2.3.4 must be 1.3.6.1.5.5.15.1.1.*"
      }
    }
  }

  Note that the status codes are -1, which will never happen in GSS itself - those values are unsigned.
---

diff --git a/json_gssapi/json_protocol.txt b/json_gssapi/json_protocol.txt
index d1d8f42..355cb2b 100644
Binary files a/json_gssapi/json_protocol.txt and b/json_gssapi/json_protocol.txt differ
diff --git a/json_gssapi/src/GSSRequest.cpp b/json_gssapi/src/GSSRequest.cpp
index 9e5d1ef..d7d3c07 100644
--- a/json_gssapi/src/GSSRequest.cpp
+++ b/json_gssapi/src/GSSRequest.cpp
@@ -71,20 +71,34 @@ void GSSRequest::execute()
     /* Main processing */
     if (NULL != cmd)
       cmd->execute();
-    
-    /* Cleanup */
-    /* Return */
   }
   catch (GSSException e)
   {
-    delete(cmd);
-    cmd = NULL;
     JSONObject return_values;
     return_values.set("major_status", e.getMajor());
     return_values.set("minor_status", e.getMinor());
     return_values.set("what", e.what());
     response.set("return_values", return_values);
   }
+  catch (std::invalid_argument e)
+  {
+    JSONObject return_values, errors;
+    errors.set("major_status_message", "An error occurred in parsing the JSON arguments.\0");
+    errors.set("minor_status_message", e.what());
+    return_values.set("errors", errors);
+    return_values.set("major_status", -1);
+    return_values.set("minor_status", -1);
+    response.set("return_values", return_values);
+  }
+
+  /* Cleanup */
+  if ( NULL != cmd )
+  {
+    delete(cmd);
+    cmd = NULL;
+  }
+
+  /* return */
 }
 
 
diff --git a/json_gssapi/src/commands/GSSInitSecContext.cpp b/json_gssapi/src/commands/GSSInitSecContext.cpp
index 87da4ab..8b71d81 100644
--- a/json_gssapi/src/commands/GSSInitSecContext.cpp
+++ b/json_gssapi/src/commands/GSSInitSecContext.cpp
@@ -191,6 +191,9 @@ bool GSSInitSecContext::loadParameters(JSONObject *params)
     }
     if (GSS_C_NO_OID == this->mechType.toGss() )
       throw std::invalid_argument( std::string() + "Could not create a mech_type OID from '" + key + "'");
+    if ( !(this->mechType.isGssEapMech()) )
+      throw std::invalid_argument( std::string() +
+				   "'" + key + "' must be 1.3.6.1.5.5.15.1.1.*");
   }
   
   // req_flags