extern int wpa_debug_level;
#endif
-#define CHBIND_SERVICE_NAME_FLAG 0x01
-#define CHBIND_HOST_NAME_FLAG 0x02
-#define CHBIND_SERVICE_SPECIFIC_FLAG 0x04
-#define CHBIND_REALM_NAME_FLAG 0x08
+#define CHBIND_SERVICE_NAME_FLAG 0x01
+#define CHBIND_HOST_NAME_FLAG 0x02
+#define CHBIND_SERVICE_SPECIFIC_FLAG 0x04
+#define CHBIND_REALM_NAME_FLAG 0x08
extern void TestFunc();
peerInitEapChannelBinding(OM_uint32 *minor, gss_ctx_id_t ctx)
{
struct wpabuf *buf = NULL;
- unsigned int requested = 0;
- krb5_principal princ;
- gss_buffer_desc nameBuf;
+ unsigned int chbindReqFlags = 0;
+ krb5_principal princ = NULL;
+ gss_buffer_desc nameBuf = GSS_C_EMPTY_BUFFER;
OM_uint32 major = GSS_S_COMPLETE;
krb5_context krbContext = NULL;
- /* must have acceptor name, but already checked in
- * eapGssSmInitAcceptorName(), so maybe redunadant
- * to do so here as well? */
- if (!ctx->acceptorName) {
+ /* XXX is this check redundant? */
+ if (ctx->acceptorName == GSS_C_NO_NAME) {
+ major = GSS_S_BAD_NAME;
*minor = GSSEAP_NO_ACCEPTOR_NAME;
- return GSS_S_BAD_NAME;
+ goto cleanup;
}
princ = ctx->acceptorName->krbPrincipal;
major = gssEapRadiusAddAttr(minor, &buf, PW_GSS_ACCEPTOR_SERVICE_NAME,
0, &nameBuf);
if (GSS_ERROR(major))
- goto init_chbind_cleanup;
- requested |= CHBIND_SERVICE_NAME_FLAG;
+ goto cleanup;
+
+ chbindReqFlags |= CHBIND_SERVICE_NAME_FLAG;
}
krbPrincComponentToGssBuffer(princ, 1, &nameBuf);
major = gssEapRadiusAddAttr(minor, &buf, PW_GSS_ACCEPTOR_HOST_NAME,
0, &nameBuf);
if (GSS_ERROR(major))
- goto init_chbind_cleanup;
- requested |= CHBIND_HOST_NAME_FLAG;
+ goto cleanup;
+
+ chbindReqFlags |= CHBIND_HOST_NAME_FLAG;
}
GSSEAP_KRB_INIT(&krbContext);
+
*minor = krbPrincUnparseServiceSpecifics(krbContext, princ, &nameBuf);
- if (*minor)
- goto init_chbind_cleanup;
+ if (*minor != 0)
+ goto cleanup;
if (nameBuf.length > 0) {
major = gssEapRadiusAddAttr(minor, &buf,
PW_GSS_ACCEPTOR_SERVICE_SPECIFICS,
0, &nameBuf);
- if (GSS_ERROR(major)) {
- krbFreeUnparsedName(krbContext, &nameBuf);
- goto init_chbind_cleanup;
- }
- requested |= CHBIND_SERVICE_SPECIFIC_FLAG;
+ if (GSS_ERROR(major))
+ goto cleanup;
+
+ chbindReqFlags |= CHBIND_SERVICE_SPECIFIC_FLAG;
}
- krbFreeUnparsedName(krbContext, &nameBuf);
+ krbFreeUnparsedName(krbContext, &nameBuf);
krbPrincRealmToGssBuffer(princ, &nameBuf);
+
if (nameBuf.length > 0) {
major = gssEapRadiusAddAttr(minor, &buf,
PW_GSS_ACCEPTOR_REALM_NAME,
0, &nameBuf);
- requested |= CHBIND_REALM_NAME_FLAG;
+ chbindReqFlags |= CHBIND_REALM_NAME_FLAG;
}
- if (requested==0) {
- wpabuf_free(buf);
+ if (chbindReqFlags == 0) {
+ major = GSS_S_BAD_NAME;
*minor = GSSEAP_BAD_ACCEPTOR_NAME;
- return GSS_S_BAD_NAME;
+ goto cleanup;
}
+
ctx->initiatorCtx.chbindData = buf;
- ctx->initiatorCtx.chbindReqFlags = requested;
+ ctx->initiatorCtx.chbindReqFlags = chbindReqFlags;
+
buf = NULL;
-init_chbind_cleanup:
+
+ major = GSS_S_COMPLETE;
+ *minor = 0;
+
+cleanup:
+ krbFreeUnparsedName(krbContext, &nameBuf);
wpabuf_free(buf);
+
return major;
}
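Review bot: The new `cleanup:` label calls `krbFreeUnparsedName(krbContext, &nameBuf)` on every exit path, but on most of them nameBuf is not an unparsed name: the `goto cleanup` branches for the acceptor-name check and for the service-name and host-name attribute failures run before `GSSEAP_KRB_INIT(&krbContext)`, so krbContext is still NULL there, and once the service specifics have been released and `krbPrincRealmToGssBuffer` has run, nameBuf refers to the realm component, so the success path and the `chbindReqFlags == 0` path hand that buffer to the free routine a second time — unless krbFreeUnparsedName tolerates a NULL context and non-heap buffers, which is not visible here. Since the unparsed name is already freed right after the service-specifics block, the safest change is to drop the `krbFreeUnparsedName` line from the cleanup label entirely, or to run it only on the error path between `krbPrincUnparseServiceSpecifics` and that free. Separately, the realm-name `gssEapRadiusAddAttr` result is never checked and the later `major = GSS_S_COMPLETE;` overwrites it, so a failed add still sets CHBIND_REALM_NAME_FLAG and reports success, whereas the removed code returned that error; add `if (GSS_ERROR(major)) goto cleanup;` after the realm-name call as the other three attributes do. The function's return-type line sits above the hunk.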
peerProcessChbindResponse(void *context, int code, int nsid,
u8 *data, size_t len)
{
- radius_parser msg;
+ radius_parser msg;
gss_ctx_id_t ctx = (gss_ctx_id_t )context;
void *vsadata;
u8 type;
u32 vendor_id;
- u32 accepted = 0;
+ u32 chbindRetFlags = 0;
size_t vsadata_len;
if (nsid != CHBIND_NSID_RADIUS)
return;
+
msg = radius_parser_start(data, len);
- if (!msg)
+ if (msg == NULL)
return;
+
while (radius_parser_parse_tlv(msg, &type, &vendor_id, &vsadata,
&vsadata_len) == 0) {
-
- switch (type) {
- case PW_GSS_ACCEPTOR_SERVICE_NAME:
- accepted |= CHBIND_SERVICE_NAME_FLAG;
- break;
- case PW_GSS_ACCEPTOR_HOST_NAME:
- accepted |= CHBIND_HOST_NAME_FLAG;
- break;
- case PW_GSS_ACCEPTOR_SERVICE_SPECIFICS:
- accepted |= CHBIND_SERVICE_SPECIFIC_FLAG;
- break;
- case PW_GSS_ACCEPTOR_REALM_NAME:
- accepted |= CHBIND_REALM_NAME_FLAG;
- break;
- }
+ switch (type) {
+ case PW_GSS_ACCEPTOR_SERVICE_NAME:
+ chbindRetFlags |= CHBIND_SERVICE_NAME_FLAG;
+ break;
+ case PW_GSS_ACCEPTOR_HOST_NAME:
+ chbindRetFlags |= CHBIND_HOST_NAME_FLAG;
+ break;
+ case PW_GSS_ACCEPTOR_SERVICE_SPECIFICS:
+ chbindRetFlags |= CHBIND_SERVICE_SPECIFIC_FLAG;
+ break;
+ case PW_GSS_ACCEPTOR_REALM_NAME:
+ chbindRetFlags |= CHBIND_REALM_NAME_FLAG;
+ break;
+ }
}
+
radius_parser_finish(msg);
- if ((code == CHBIND_CODE_SUCCESS) &&
- ((accepted & ctx->initiatorCtx.chbindReqFlags) == ctx->initiatorCtx.chbindReqFlags)) {
+
+ if (code == CHBIND_CODE_SUCCESS &&
+ ((chbindRetFlags & ctx->initiatorCtx.chbindReqFlags) == ctx->initiatorCtx.chbindReqFlags)) {
ctx->flags |= CTX_FLAG_EAP_CHBIND_ACCEPT;
ctx->gssFlags |= GSS_C_MUTUAL_FLAG;
- /* Accepted! */
- } else {
- /* log failures? */
- }
+ } /* else log failures? */
}
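Review bot: The TLV loop matches on `type` alone and ignores the `vendor_id` that `radius_parser_parse_tlv` hands back, so an attribute with the same type number under a different vendor would count toward chbindRetFlags unless the parser already filters by vendor, which is not visible here; a guard at the top of the loop body, `if (vendor_id != <expected vendor id — placeholder>) continue;`, would make the intended scope explicit. The failure branch, now collapsed to `} /* else log failures? */`, still records nothing, so a channel-binding mismatch — the case that matters for noticing a wrong or interposed acceptor — leaves no trace; emitting a debug message with the received code and the requested versus returned flag sets would answer the open question in that comment. Also, when `code != CHBIND_CODE_SUCCESS` the whole message is still parsed before the result is discarded; testing the code before `radius_parser_start` would be cheaper and clearer.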
static OM_uint32
eapPeerConfig->altsubject_match = (unsigned char *)cred->subjectAltNameConstraint.value;
/* eap channel binding */
- if (ctx->initiatorCtx.chbindData)
- {
+ if (ctx->initiatorCtx.chbindData != NULL) {
struct eap_peer_chbind_config *chbind_config =
- (struct eap_peer_chbind_config *)
- GSSEAP_MALLOC(sizeof(struct eap_peer_chbind_config));
+ (struct eap_peer_chbind_config *)GSSEAP_MALLOC(sizeof(struct eap_peer_chbind_config));
if (chbind_config == NULL) {
*minor = ENOMEM;
return GSS_S_FAILURE;
eapPeerConfig->chbind_config = NULL;
eapPeerConfig->chbind_config_len = 0;
}
+
*minor = 0;
return GSS_S_COMPLETE;
}
/*
* Generate channel binding data
*/
- if (ctx->initiatorCtx.chbindData == NULL)
- {
+ if (ctx->initiatorCtx.chbindData == NULL) {
major = peerInitEapChannelBinding(minor, ctx);
if (GSS_ERROR(major))
return major;
if (ret_flags != NULL)
*ret_flags = ctx->gssFlags;
- if (major == GSS_S_COMPLETE)
- major = major;
if (time_rec != NULL)
gssEapContextTime(&tmpMinor, ctx, time_rec);