Better error reporting through com_err

[mech_eap.git] / util_context.c
diff --git a/util_context.c b/util_context.c

index 6d3b937..ae3712a 100644 (file)
--- a/util_context.c
+++ b/util_context.c
@@ -76,6 +76,9 @@ gssEapAllocContext(OM_uint32 *minor,
  static void
  releaseInitiatorContext(struct gss_eap_initiator_ctx *ctx)
  {
+    OM_uint32 minor;
+
+    gssEapReleaseCred(&minor, &ctx->defaultCred);
      eap_peer_sm_deinit(ctx->eap);
  }
  
@@ -84,12 +87,15 @@ releaseAcceptorContext(struct gss_eap_acceptor_ctx *ctx)
  {
      OM_uint32 tmpMinor;
  
-    if (ctx->avps != NULL)
-        rc_avpair_free(ctx->avps);
+    if (ctx->radConn != NULL)
+        rs_conn_destroy(ctx->radConn);
      if (ctx->radHandle != NULL)
-        rc_config_free(ctx->radHandle);
-
+        rs_context_destroy(ctx->radHandle);
+    if (ctx->radServer != NULL)
+        GSSEAP_FREE(ctx->radServer);
      gss_release_buffer(&tmpMinor, &ctx->state);
+    if (ctx->vps != NULL)
+        gssEapRadiusFreeAvps(&tmpMinor, &ctx->vps);
  }
  
  OM_uint32
@@ -106,6 +112,11 @@ gssEapReleaseContext(OM_uint32 *minor,
  
      gssEapKerberosInit(&tmpMinor, &krbContext);
  
+#ifdef GSSEAP_ENABLE_REAUTH
+    if (ctx->flags & CTX_FLAG_KRB_REAUTH_GSS) {
+        gssDeleteSecContext(&tmpMinor, &ctx->kerberosCtx, GSS_C_NO_BUFFER);
+    } else
+#endif
      if (CTX_IS_INITIATOR(ctx)) {
          releaseInitiatorContext(&ctx->initiatorCtx);
      } else {
@@ -156,7 +167,7 @@ OM_uint32
  gssEapVerifyToken(OM_uint32 *minor,
                    gss_ctx_id_t ctx,
                    const gss_buffer_t inputToken,
-                  enum gss_eap_token_type tokenType,
+                  enum gss_eap_token_type *actualToken,
                    gss_buffer_t innerInputToken)
  {
      OM_uint32 major;
@@ -174,13 +185,15 @@ gssEapVerifyToken(OM_uint32 *minor,
      }
  
      major = verifyTokenHeader(minor, oid, &bodySize, &p,
-                              inputToken->length, tokenType);
+                              inputToken->length, actualToken);
      if (GSS_ERROR(major))
-        return GSS_S_DEFECTIVE_TOKEN;
+        return major;
  
      if (ctx->mechanismUsed == GSS_C_NO_OID) {
-        if (!gssEapIsConcreteMechanismOid(oid))
+        if (!gssEapIsConcreteMechanismOid(oid)) {
+            *minor = GSSEAP_WRONG_MECH;
              return GSS_S_BAD_MECH;
+        }
  
          if (!gssEapInternalizeOid(oid, &ctx->mechanismUsed)) {
              major = duplicateOid(minor, oid, &ctx->mechanismUsed);
@@ -195,3 +208,25 @@ gssEapVerifyToken(OM_uint32 *minor,
      *minor = 0;
      return GSS_S_COMPLETE;
  }
+
+OM_uint32
+gssEapContextTime(OM_uint32 *minor,
+                  gss_ctx_id_t context_handle,
+                  OM_uint32 *time_rec)
+{
+    if (context_handle->expiryTime == 0) {
+        *time_rec = GSS_C_INDEFINITE;
+    } else {
+        time_t now, lifetime;
+
+        time(&now);
+        lifetime = context_handle->expiryTime - now;
+        if (lifetime <= 0) {
+            *time_rec = 0;
+            return GSS_S_CONTEXT_EXPIRED;
+        }
+        *time_rec = lifetime;
+    }
+
+    return GSS_S_COMPLETE;
+}