From c9083c77ea799ce4de4994db505f82c3072f3756 Mon Sep 17 00:00:00 2001
From: Mark Donnelly <mark@painless-security.com>
Date: Mon, 13 Jul 2015 15:02:56 -0400
Subject: [PATCH] Return an error when GSSInitSecContext is called with an
 unacceptable mechanism.

* Throw std::invalid_argument when the argument doesn't match the GSS_EAP mechanism
* Catch the std::invalid_argument exception within GSSRequest, and generate a somewhat meaningful JSON response with it:
  { method: "method_name",
    return_values:
    { major_status: -1,
      minor_status: -1,
      errors:
      { major_status_message: "An error occurred in parsing the JSON arguments.",
        minor_status_message: "1.2.3.4 must be 1.3.6.1.5.5.15.1.1.*"
      }
    }
  }

  Note that the status codes are -1, which will never happen in GSS itself - those values are unsigned.
---
 json_gssapi/json_protocol.txt                  | Bin 8430 -> 8620 bytes
 json_gssapi/src/GSSRequest.cpp                 |  24 +++++++++++++++++++-----
 json_gssapi/src/commands/GSSInitSecContext.cpp |   3 +++
 3 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/json_gssapi/json_protocol.txt b/json_gssapi/json_protocol.txt
index d1d8f420143afdce236b3845f7b92fe0346d2928..355cb2b6adf9a741e2ceeb5946a550a2a1e2d388 100644
GIT binary patch
delta 242
zcmZXNF$%&!5Jj;PZL|{YKGty|5hbnITX}&snPgXz-H=^~RvyA@2rA-fEWCht1~;Y=
z<PQuV=Dm3@PRq+<aPW{CGa+6~I2k_(S+~;xuu$3xDv@d(Ll;(R1!*w$*_6$h&t@*Z
zn>yjxLnUM+8q}TrD1+IY)w;bEQl)TO<lIKz;y$cVl$6L_gZ|r{Sy}-O<LHc#NX0W4
mN^?@yYp6<Q88(EHwiH>4+3hvBwvP8+|9Bp*>V4~tp6w5CdP(2_

delta 62
zcmZ4E{LXR1Z80G|1qBWF;NW=Yct8Jme@_=puE`f=^fuoWZ(?LiE=o--Nu7L9QhRcr
Nq&}3p`Jm)$b^y897OemP

diff --git a/json_gssapi/src/GSSRequest.cpp b/json_gssapi/src/GSSRequest.cpp
index 9e5d1ef..d7d3c07 100644
--- a/json_gssapi/src/GSSRequest.cpp
+++ b/json_gssapi/src/GSSRequest.cpp
@@ -71,20 +71,34 @@ void GSSRequest::execute()
     /* Main processing */
     if (NULL != cmd)
       cmd->execute();
-    
-    /* Cleanup */
-    /* Return */
   }
   catch (GSSException e)
   {
-    delete(cmd);
-    cmd = NULL;
     JSONObject return_values;
     return_values.set("major_status", e.getMajor());
     return_values.set("minor_status", e.getMinor());
     return_values.set("what", e.what());
     response.set("return_values", return_values);
   }
+  catch (std::invalid_argument e)
+  {
+    JSONObject return_values, errors;
+    errors.set("major_status_message", "An error occurred in parsing the JSON arguments.\0");
+    errors.set("minor_status_message", e.what());
+    return_values.set("errors", errors);
+    return_values.set("major_status", -1);
+    return_values.set("minor_status", -1);
+    response.set("return_values", return_values);
+  }
+
+  /* Cleanup */
+  if ( NULL != cmd )
+  {
+    delete(cmd);
+    cmd = NULL;
+  }
+
+  /* return */
 }
 
 
diff --git a/json_gssapi/src/commands/GSSInitSecContext.cpp b/json_gssapi/src/commands/GSSInitSecContext.cpp
index 87da4ab..8b71d81 100644
--- a/json_gssapi/src/commands/GSSInitSecContext.cpp
+++ b/json_gssapi/src/commands/GSSInitSecContext.cpp
@@ -191,6 +191,9 @@ bool GSSInitSecContext::loadParameters(JSONObject *params)
     }
     if (GSS_C_NO_OID == this->mechType.toGss() )
       throw std::invalid_argument( std::string() + "Could not create a mech_type OID from '" + key + "'");
+    if ( !(this->mechType.isGssEapMech()) )
+      throw std::invalid_argument( std::string() +
+				   "'" + key + "' must be 1.3.6.1.5.5.15.1.1.*");
   }
   
   // req_flags
-- 
2.1.4