X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.git;a=blobdiff_plain;f=util_context.c;h=03bad1c44bd393d2173eed37bab63cc46ef2a7bf;hp=6e2715a06eb384695c685c53648882e4244b0c98;hb=ae79fdae047f980d01b2b4e84ccea52e24d8c7a0;hpb=c782e76527626566bb4d6fddf38f83beea0aa72a
diff --git a/util_context.c b/util_context.c
index 6e2715a..03bad1c 100644
--- a/util_context.c
+++ b/util_context.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, JANET(UK)
+ * Copyright (c) 2011, JANET(UK)
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -30,6 +30,10 @@
  * SUCH DAMAGE.
  */
 
+/*
+ * Utility routines for context handles.
+ */
+
 #include "gssapiP_eap.h"
 
 OM_uint32
@@ -53,7 +57,7 @@ gssEapAllocContext(OM_uint32 *minor,
 return GSS_S_FAILURE;
 }
 
- ctx->state = EAP_STATE_AUTHENTICATE;
+ ctx->state = GSSEAP_STATE_INITIAL;
 
 /*
 * Integrity, confidentiality, sequencing and replay detection are
@@ -62,10 +66,11 @@ gssEapAllocContext(OM_uint32 *minor,
 * to these services in the output of GSS_Init_sec_context and
 * GSS_Accept_sec_context.
 */
- ctx->gssFlags = GSS_C_INTEG_FLAG |
- GSS_C_CONF_FLAG |
- GSS_C_SEQUENCE_FLAG |
- GSS_C_REPLAY_FLAG;
+ ctx->gssFlags = GSS_C_TRANS_FLAG | /* exporting contexts */
+ GSS_C_INTEG_FLAG | /* integrity */
+ GSS_C_CONF_FLAG | /* confidentiality */
+ GSS_C_SEQUENCE_FLAG | /* sequencing */
+ GSS_C_REPLAY_FLAG; /* replay detection */
 
 *pCtx = ctx;
 
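Review bot: The explanatory comment above the flag initialisation, which opens in the previous hunk with `* Integrity, confidentiality, sequencing and replay detection are` and closes in this one with `* GSS_Accept_sec_context.`, still names only the four original services, while the assignment now also advertises GSS_C_TRANS_FLAG; the first line should read something like `* Integrity, confidentiality, sequencing, replay detection and context export are`. Because the flag is set at allocation time it is reported for every context from the first token onward; if context export is only supported once establishment completes, that condition belongs in the same comment. The middle of the comment falls between the two hunks and is not visible here, and gssEapAllocContext itself starts and ends outside them.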
@@ -73,15 +78,25 @@ gssEapAllocContext(OM_uint32 *minor,
 }
 
 static void
-releaseInitiatorContext(struct eap_gss_initiator_ctx *ctx)
+releaseInitiatorContext(struct gss_eap_initiator_ctx *ctx)
 {
 eap_peer_sm_deinit(ctx->eap);
- wpabuf_free(ctx->eapReqData);
 }
 
 static void
-releaseAcceptorContext(struct eap_gss_acceptor_ctx *ctx)
+releaseAcceptorContext(struct gss_eap_acceptor_ctx *ctx)
 {
+ OM_uint32 tmpMinor;
+
+ if (ctx->radConn != NULL)
+ rs_conn_destroy(ctx->radConn);
+ if (ctx->radContext != NULL)
+ rs_context_destroy(ctx->radContext);
+ if (ctx->radServer != NULL)
+ GSSEAP_FREE(ctx->radServer);
+ gss_release_buffer(&tmpMinor, &ctx->state);
+ if (ctx->vps != NULL)
+ gssEapRadiusFreeAvps(&tmpMinor, &ctx->vps);
 }
 
 OM_uint32
@@ -98,6 +113,11 @@ gssEapReleaseContext(OM_uint32 *minor,
 
 gssEapKerberosInit(&tmpMinor, &krbContext);
 
+#ifdef GSSEAP_ENABLE_REAUTH
+ if (ctx->flags & CTX_FLAG_KRB_REAUTH) {
+ gssDeleteSecContext(&tmpMinor, &ctx->kerberosCtx, GSS_C_NO_BUFFER);
+ } else
+#endif
 if (CTX_IS_INITIATOR(ctx)) {
 releaseInitiatorContext(&ctx->initiatorCtx);
 } else {
@@ -107,8 +127,9 @@ gssEapReleaseContext(OM_uint32 *minor,
 krb5_free_keyblock_contents(krbContext, &ctx->rfc3961Key);
 gssEapReleaseName(&tmpMinor, &ctx->initiatorName);
 gssEapReleaseName(&tmpMinor, &ctx->acceptorName);
- gss_release_oid(&tmpMinor, &ctx->mechanismUsed);
- sequenceFree(ctx->seqState);
+ gssEapReleaseOid(&tmpMinor, &ctx->mechanismUsed);
+ sequenceFree(&tmpMinor, &ctx->seqState);
+ gssEapReleaseCred(&tmpMinor, &ctx->defaultCred);
 
 GSSEAP_MUTEX_DESTROY(&ctx->mutex);
 
@@ -148,7 +169,7 @@ OM_uint32
 gssEapVerifyToken(OM_uint32 *minor,
 gss_ctx_id_t ctx,
 const gss_buffer_t inputToken,
- enum gss_eap_token_type tokenType,
+ enum gss_eap_token_type *actualToken,
 gss_buffer_t innerInputToken)
 {
 OM_uint32 major;
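Review bot: In releaseAcceptorContext the field released by `gss_release_buffer(&tmpMinor, &ctx->state)` has the same name as the context-state enum assigned in gssEapAllocContext (`ctx->state = GSSEAP_STATE_INITIAL`), but here `ctx` is a `struct gss_eap_acceptor_ctx *` and the field is a GSS buffer; a one-line comment such as `/* opaque acceptor state buffer, unrelated to the gss_ctx_id_t state enum */` would save the next reader a double take. The teardown order, `rs_conn_destroy` before `rs_context_destroy`, is only right if the connection is owned by that context; the hunk does not show the ownership, so a short comment stating it would make the ordering deliberate rather than incidental.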
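Review bot: The `} else` placed just before `#endif` in gssEapReleaseContext binds the unconditional `if (CTX_IS_INITIATOR(ctx))` chain across a preprocessor boundary, so when CTX_FLAG_KRB_REAUTH is set neither releaseInitiatorContext nor releaseAcceptorContext runs. That is leak-free only if a reauth context never owns the role-specific resources those helpers free (the EAP peer state machine, the RADIUS connection and context, the AVP list); the hunk does not show that invariant, so it should either be stated in a comment, e.g. `/* reauth contexts only hold kerberosCtx; initiatorCtx/acceptorCtx are never populated for them */`, or the role-specific release should run unconditionally since both helpers already tolerate NULL members. Splitting an `else` across `#endif` also reads as a dangling else; a boolean computed once before the chain (false when reauth is compiled out) would keep the control flow visible. gssEapReleaseContext starts and ends outside this hunk.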
@@ -165,13 +186,16 @@ gssEapVerifyToken(OM_uint32 *minor,
 oid = &oidBuf;
 }
 
- major = verifyTokenHeader(oid, &bodySize, &p, inputToken->length, tokenType);
+ major = verifyTokenHeader(minor, oid, &bodySize, &p,
+ inputToken->length, actualToken);
 if (GSS_ERROR(major))
 return major;
 
- if (ctx->mechanismUsed != GSS_C_NO_OID) {
- if (!gssEapIsConcreteMechanismOid(oid))
+ if (ctx->mechanismUsed == GSS_C_NO_OID) {
+ if (!gssEapIsConcreteMechanismOid(oid)) {
+ *minor = GSSEAP_WRONG_MECH;
 return GSS_S_BAD_MECH;
+ }
 
 if (!gssEapInternalizeOid(oid, &ctx->mechanismUsed)) {
 major = duplicateOid(minor, oid, &ctx->mechanismUsed);
@@ -186,3 +210,27 @@ gssEapVerifyToken(OM_uint32 *minor,
 *minor = 0;
 return GSS_S_COMPLETE;
 }
+
+OM_uint32
+gssEapContextTime(OM_uint32 *minor,
+ gss_ctx_id_t context_handle,
+ OM_uint32 *time_rec)
+{
+ *minor = 0;
+
+ if (context_handle->expiryTime == 0) {
+ *time_rec = GSS_C_INDEFINITE;
+ } else {
+ time_t now, lifetime;
+
+ time(&now);
+ lifetime = context_handle->expiryTime - now;
+ if (lifetime <= 0) {
+ *time_rec = 0;
+ return GSS_S_CONTEXT_EXPIRED;
+ }
+ *time_rec = lifetime;
+ }
+
+ return GSS_S_COMPLETE;
+}
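Review bot: The mechanism check visible here only covers the first token of an exchange (`ctx->mechanismUsed == GSS_C_NO_OID`): the OID parsed from the header is required to be a concrete mechanism and is then stored. Whether subsequent tokens are compared against the stored `ctx->mechanismUsed` is decided in the branch after `major = duplicateOid(...)`, which is outside this hunk; if no such comparison exists, a token carrying a different mechanism OID later in the exchange would pass the header check, so that branch should reject a mismatch with the same `*minor = GSSEAP_WRONG_MECH; return GSS_S_BAD_MECH;` pair used here. A comment on the `if`, e.g. `/* first token: pin the mechanism for the rest of the exchange */`, would make the two-phase intent explicit. gssEapVerifyToken starts before and ends after this hunk.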
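Review bot: In gssEapContextTime the `time_t` value is stored through `OM_uint32 *time_rec` by an implicit narrowing conversion on `*time_rec = lifetime;`; an explicit `*time_rec = (OM_uint32)lifetime;` states the intent and keeps -Wconversion quiet. The return value of `time(&now)` is unchecked, and on failure `now` is `(time_t)-1`, which would report the context as valid for about `expiryTime + 1` seconds; `if (time(&now) == (time_t)-1) return GSS_S_FAILURE;` is the conservative handling if that fits the module's minor-status convention. The function also dereferences `context_handle` unconditionally, so the GSS_C_NO_CONTEXT check presumably lives in the caller; a header comment saying so, and stating that `expiryTime == 0` means the context never expires, would document the contract.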