cleanup unused parameter warnings

[mech_eap.git] / util_lucid.c

diff --git a/util_lucid.c b/util_lucid.c
index e8bc7c3..359058c 100644 (file)
--- a/util_lucid.c
+++ b/util_lucid.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, JANET(UK)
+ * Copyright (c) 2011, JANET(UK)
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -30,18 +30,102 @@
  * SUCH DAMAGE.
  */
 
+/*
+ * "Lucid" security context export routine (called by MIT Kerberos mechanism).
+ */
+
 #include "gssapiP_eap.h"
 
 OM_uint32
 gssEapExportLucidSecContext(OM_uint32 *minor,
                             gss_ctx_id_t ctx,
-                            const gss_OID desiredObject,
+                            const gss_OID desiredObject GSSEAP_UNUSED,
                             gss_buffer_set_t *data_set)
 {
+    OM_uint32 major = GSS_S_COMPLETE;
+    int haveAcceptorSubkey =
+        ((rfc4121Flags(ctx, 0) & TOK_FLAG_ACCEPTOR_SUBKEY) != 0);
+    gss_buffer_desc rep;
+#ifdef HAVE_HEIMDAL_VERSION
+    krb5_error_code code;
+    krb5_storage *sp;
+    krb5_data data = { 0 };
+
+    sp = krb5_storage_emem();
+    if (sp == NULL) {
+        code = ENOMEM;
+        goto cleanup;
+    }
+
+    code = krb5_store_int32(sp, 1);     /* version */
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5_store_int32(sp, CTX_IS_INITIATOR(ctx));
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5_store_int32(sp, ctx->expiryTime); 
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5_store_int32(sp, 0);
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5_store_int32(sp, ctx->sendSeq);
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5_store_int32(sp, 0);
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5_store_int32(sp, ctx->recvSeq);
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5_store_int32(sp, 1);     /* is_cfx */
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5_store_int32(sp, haveAcceptorSubkey);
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5_store_keyblock(sp, ctx->rfc3961Key);
+    if (code != 0)
+        goto cleanup;
+
+    if (haveAcceptorSubkey) {
+        code = krb5_store_keyblock(sp, ctx->rfc3961Key);
+        if (code != 0)
+            goto cleanup;
+    }
+
+    code = krb5_storage_to_data(sp, &data);
+    if (code != 0)
+        goto cleanup;
+
+    rep.length = data.length;
+    rep.value = data.data;
+
+    major = gss_add_buffer_set_member(minor, &rep, data_set);
+    if (GSS_ERROR(major))
+        goto cleanup;
+
+cleanup:
+    krb5_data_free(&data);
+
+    if (major == GSS_S_COMPLETE) {
+        *minor = code;
+        major = (code != 0) ? GSS_S_FAILURE : GSS_S_COMPLETE;
+    }
+
+    return major;
+#else
     gss_krb5_lucid_context_v1_t *lctx;
     gss_krb5_lucid_key_t *lkey = NULL;
-    OM_uint32 major;
-    gss_buffer_desc rep;
 
     lctx = (gss_krb5_lucid_context_v1_t *)GSSEAP_CALLOC(1, sizeof(*lctx));
     if (lctx == NULL) {
@@ -56,9 +140,12 @@ gssEapExportLucidSecContext(OM_uint32 *minor,
     lctx->send_seq = ctx->sendSeq;
     lctx->recv_seq = ctx->recvSeq;
     lctx->protocol = 1;
-    lctx->cfx_kd.have_acceptor_subkey = 0;
 
-    lkey = &lctx->cfx_kd.ctx_key;
+    lctx->cfx_kd.have_acceptor_subkey = haveAcceptorSubkey;
+
+    lkey = haveAcceptorSubkey
+           ? &lctx->cfx_kd.ctx_key
+           : &lctx->cfx_kd.acceptor_subkey;
 
     lkey->type = KRB_KEY_TYPE(&ctx->rfc3961Key);
     lkey->data = GSSEAP_MALLOC(KRB_KEY_LENGTH(&ctx->rfc3961Key));
@@ -89,4 +176,5 @@ cleanup:
     }
 
     return major;
+#endif /* HAVE_HEIMDAL_VERSION */
 }