add gsseap error table
[mech_eap.git] / util_exts.c
index f6bae58..ccc86ec 100644 (file)
@@ -143,11 +143,13 @@ verifyReauthCreds(OM_uint32 *minor,
                   gss_channel_bindings_t chanBindings,
                   gss_buffer_t inputToken)
 {
+    OM_uint32 major = GSS_S_UNAVAILABLE;
+
 #ifdef GSSEAP_ENABLE_REAUTH
-    return gssEapStoreReauthCreds(minor, ctx, cred, inputToken);
-#else
-    return GSS_S_UNAVAILABLE;
+    major = gssEapStoreReauthCreds(minor, ctx, cred, inputToken);
 #endif
+
+    return major;
 }
 
 static struct gss_eap_extension_provider
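Review bot: When `GSSEAP_ENABLE_REAUTH` is not defined, `verifyReauthCreds` returns `GSS_S_UNAVAILABLE` without ever writing `*minor`, so the caller is left with whatever value was there before the call. Since this commit moves minor codes into an error table, a stale minor could be rendered as an unrelated message. Setting `*minor = 0;` next to the `major` initialiser (or a dedicated table code, if one exists) would make the result deterministic. All parameters are also unused in that build, which may trigger `-Wunused-parameter`. The function's signature starts above the hunk.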
@@ -162,25 +164,18 @@ eapGssAcceptExtensions[] = {
 };
 
 OM_uint32
-gssEapMakeExtensions(OM_uint32 *minor,
-                     gss_cred_id_t cred,
-                     gss_ctx_id_t ctx,
-                     gss_channel_bindings_t chanBindings,
-                     gss_buffer_t buffer)
+makeExtensions(OM_uint32 *minor,
+               gss_cred_id_t cred,
+               gss_ctx_id_t ctx,
+               const struct gss_eap_extension_provider *exts,
+               size_t nexts,
+               gss_channel_bindings_t chanBindings,
+               gss_buffer_t buffer)
 {
     OM_uint32 major, tmpMinor;
-    size_t i, j, nexts;
+    size_t i, j;
     gss_buffer_set_t extensions = GSS_C_NO_BUFFER_SET;
     OM_uint32 *types;
-    const struct gss_eap_extension_provider *exts;
-
-    if (CTX_IS_INITIATOR(ctx)) {
-        exts = eapGssInitExtensions;
-        nexts = sizeof(eapGssInitExtensions) / sizeof(eapGssInitExtensions[0]);
-    } else {
-        exts = eapGssAcceptExtensions;
-        nexts = sizeof(eapGssAcceptExtensions) / sizeof(eapGssAcceptExtensions[0]);
-    }
 
     assert(buffer != GSS_C_NO_BUFFER);
 
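Review bot: The new helper `makeExtensions` keeps external linkage, because the unchanged `OM_uint32` line above its name has no `static`, while its counterpart `verifyExtensions` added later in this commit is declared `static OM_uint32`. If it is only reached through `gssEapMakeExtensions` in this file, declare it `static OM_uint32` so a generic symbol name is not exported from the mechanism library. The helper also trusts `exts`/`nexts` to describe the same array, which is easier to guarantee when no outside caller can reach it. The function body continues past the end of this hunk.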
@@ -232,26 +227,40 @@ cleanup:
 }
 
 OM_uint32
-gssEapVerifyExtensions(OM_uint32 *minor,
-                       gss_cred_id_t cred,
-                       gss_ctx_id_t ctx,
-                       gss_channel_bindings_t chanBindings,
-                       const gss_buffer_t buffer)
+gssEapMakeExtensions(OM_uint32 *minor,
+                     gss_cred_id_t cred,
+                     gss_ctx_id_t ctx,
+                     gss_channel_bindings_t chanBindings,
+                     gss_buffer_t buffer)
 {
-    OM_uint32 major, tmpMinor;
-    gss_buffer_set_t extensions = GSS_C_NO_BUFFER_SET;
-    OM_uint32 *types = NULL;
-    size_t i, nexts;
+    size_t nexts;
     const struct gss_eap_extension_provider *exts;
 
     if (CTX_IS_INITIATOR(ctx)) {
-        exts = eapGssAcceptExtensions;
-        nexts = sizeof(eapGssAcceptExtensions) / sizeof(eapGssAcceptExtensions[0]);
-    } else {
         exts = eapGssInitExtensions;
         nexts = sizeof(eapGssInitExtensions) / sizeof(eapGssInitExtensions[0]);
+    } else {
+        exts = eapGssAcceptExtensions;
+        nexts = sizeof(eapGssAcceptExtensions) / sizeof(eapGssAcceptExtensions[0]);
     }
 
+    return makeExtensions(minor, cred, ctx, exts, nexts, chanBindings, buffer);
+}
+
+static OM_uint32
+verifyExtensions(OM_uint32 *minor,
+                 gss_cred_id_t cred,
+                 gss_ctx_id_t ctx,
+                 const struct gss_eap_extension_provider *exts,
+                 size_t nexts,
+                 gss_channel_bindings_t chanBindings,
+                 const gss_buffer_t buffer)
+{
+    OM_uint32 major, tmpMinor;
+    gss_buffer_set_t extensions = GSS_C_NO_BUFFER_SET;
+    OM_uint32 *types = NULL;
+    size_t i;
+
     major = decodeExtensions(minor, buffer, &extensions, &types);
     if (GSS_ERROR(major))
         goto cleanup;
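Review bot: The provider-table selection in the new `gssEapMakeExtensions` wrapper is repeated, with the branches swapped, in `gssEapVerifyExtensions` in the last hunk, and nothing explains why the two differ. Making them symmetrical by mistake would run the required-extension check against the wrong role's table, so a short comment on each is worth adding: `/* emit the extensions for our own role */` here and `/* verify against the table of the peer's role */` there. The four `sizeof(x) / sizeof(x[0])` expressions could go through one element-count macro so a table and its count cannot drift apart. `verifyExtensions` begins in this hunk and continues outside it.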
@@ -278,11 +287,8 @@ gssEapVerifyExtensions(OM_uint32 *minor,
             types[j] |= EXT_FLAG_VERIFIED;
         } else if (ext->required) {
             /* Required extension missing */
-            *minor = ENOENT;
+            *minor = GSSEAP_MISSING_REQUIRED_EXT;
             major = GSS_S_UNAVAILABLE;
-            gssEapSaveStatusInfo(*minor,
-                                 "Missing required GSS EAP extension %08x",
-                                 ext->type);
             goto cleanup;
         }
     }
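Review bot: The rejection path for a missing required extension now records only `GSSEAP_MISSING_REQUIRED_EXT`, and the removed `gssEapSaveStatusInfo` call was the only place that reported `ext->type`. The next hunk does the same for an unverified critical extension, dropping `types[i] & EXT_TYPE_MASK`. Those values identify which extension in the peer's token caused the rejection, which is what an operator needs to tell a misconfigured peer from a malformed token. If the error table supplies only a fixed string (not visible here), consider keeping the detail after the assignment, e.g. `gssEapSaveStatusInfo(*minor, "Missing required GSS EAP extension %08x", ext->type);`. The enclosing function starts and ends outside both hunks.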
@@ -291,11 +297,8 @@ gssEapVerifyExtensions(OM_uint32 *minor,
     for (i = 0; i < extensions->count; i++) {
         if ((types[i] & EXT_FLAG_CRITICAL) &&
             (types[i] & EXT_FLAG_VERIFIED) == 0) {
-            *minor = ENOSYS;
+            *minor = GSSEAP_CRIT_EXT_UNAVAILABLE;
             major = GSS_S_UNAVAILABLE;
-            gssEapSaveStatusInfo(*minor,
-                                 "Received unknown critical GSS EAP extension %08x",
-                                 (types[i] & EXT_TYPE_MASK));
             goto cleanup;
         }
     }
@@ -311,6 +314,27 @@ cleanup:
     return major;
 }
 
+OM_uint32
+gssEapVerifyExtensions(OM_uint32 *minor,
+                       gss_cred_id_t cred,
+                       gss_ctx_id_t ctx,
+                       gss_channel_bindings_t chanBindings,
+                       const gss_buffer_t buffer)
+{
+    size_t nexts;
+    const struct gss_eap_extension_provider *exts;
+
+    if (CTX_IS_INITIATOR(ctx)) {
+        exts = eapGssAcceptExtensions;
+        nexts = sizeof(eapGssAcceptExtensions) / sizeof(eapGssAcceptExtensions[0]);
+    } else {
+        exts = eapGssInitExtensions;
+        nexts = sizeof(eapGssInitExtensions) / sizeof(eapGssInitExtensions[0]);
+    }
+
+    return verifyExtensions(minor, cred, ctx, exts, nexts, chanBindings, buffer);
+}
+
 static OM_uint32
 encodeExtensions(OM_uint32 *minor,
                  gss_buffer_set_t extensions,