OM_uint32 *message_context,
gss_buffer_t status_string)
{
- OM_uint32 major = GSS_S_COMPLETE;
+ OM_uint32 major;
krb5_context krbContext = NULL;
const char *errMsg;
status_string->value = NULL;
if (!gssEapIsMechanismOid(mech_type)) {
+ *minor = GSSEAP_WRONG_MECH;
return GSS_S_BAD_MECH;
}
if (status_type != GSS_C_MECH_CODE) {
/* we rely on the mechglue for GSS_C_GSS_CODE */
+ *minor = 0;
return GSS_S_BAD_STATUS;
}
errMsg = krb5_get_error_message(krbContext, status_value);
}
- if (errMsg != NULL)
+ if (errMsg != NULL) {
major = makeStringBuffer(minor, errMsg, status_string);
+ } else {
+ major = GSS_S_COMPLETE;
+ *minor = 0;
+ }
if (krbContext != NULL)
krb5_free_error_message(krbContext, errMsg);
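Review bot: The new `else` branch reports `GSS_S_COMPLETE` with `*minor = 0` when no message was found for `status_value`, while `status_string->value` is still the NULL assigned at the top of the function. A caller that checks only the major status then receives success with an empty buffer; no assignment to `status_string->length` is visible in these lines. Returning `GSS_S_BAD_STATUS` for an unrecognised code would be easier for callers to handle, e.g. `major = GSS_S_BAD_STATUS;` in the `else` branch. The function body starts and continues outside this hunk, so the code that sets `errMsg` on the other paths is not visible here.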
token->value = GSSEAP_MALLOC(length);
if (token->value == NULL) {
- *minor = ENOMEM;
major = GSS_S_FAILURE;
+ *minor = ENOMEM;
goto cleanup;
}
token->length = length;
token->value = GSSEAP_MALLOC(length);
if (token->value == NULL) {
- *minor = ENOMEM;
major = GSS_S_FAILURE;
+ *minor = ENOMEM;
goto cleanup;
}
token->length = length;
GSSEAP_MUTEX_LOCK(&ctx->mutex);
if (!CTX_IS_ESTABLISHED(ctx)) {
- *minor = GSSEAP_CONTEXT_INCOMPLETE;
major = GSS_S_NO_CONTEXT;
+ *minor = GSSEAP_CONTEXT_INCOMPLETE;
goto cleanup;
}
assert(remain == 0);
#endif
- *minor = 0;
major = GSS_S_COMPLETE;
+ *minor = 0;
return major;
}
if (!gssEapInternalizeOid(mech, &ctx->mechanismUsed))
major = duplicateOid(minor, mech, &ctx->mechanismUsed);
} else {
- *minor = GSSEAP_WRONG_MECH;
major = GSS_S_BAD_MECH;
+ *minor = GSSEAP_WRONG_MECH;
}
if (GSS_ERROR(major))
return major;
ctx,
&eapConfig);
if (ctx->initiatorCtx.eap == NULL) {
- *minor = GSSEAP_PEER_SM_INIT_FAILURE;
major = GSS_S_FAILURE;
+ *minor = GSSEAP_PEER_SM_INIT_FAILURE;
goto cleanup;
}
major = GSS_S_CONTINUE_NEEDED;
ctx->state = EAP_STATE_EXTENSIONS_REQ;
} else if (ctx->flags & CTX_FLAG_EAP_FAIL) {
- *minor = GSSEAP_PEER_AUTH_FAILURE;
major = GSS_S_DEFECTIVE_CREDENTIAL;
+ *minor = GSSEAP_PEER_AUTH_FAILURE;
} else if (code == 0 && initialContextToken) {
resp = &emptyWpaBuffer;
major = GSS_S_CONTINUE_NEEDED;
} else {
- *minor = GSSEAP_PEER_BAD_MESSAGE;
major = GSS_S_DEFECTIVE_TOKEN;
+ *minor = GSSEAP_PEER_BAD_MESSAGE;
}
cleanup:
*minor = ERROR_TABLE_BASE_eapg + load_uint32_be(&p[4]);
if (!GSS_ERROR(major)) {
- *minor = GSSEAP_BAD_ERROR_TOKEN;
major = GSS_S_FAILURE;
+ *minor = GSSEAP_BAD_ERROR_TOKEN;
}
return major;
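Review bot: `*minor = ERROR_TABLE_BASE_eapg + load_uint32_be(&p[4]);` takes the minor status straight from the peer's error token with no range check, so the remote side chooses which code, and therefore which message, the local application later displays or logs. The reorder in this hunk does not change that, but the line deserves a comment such as `/* minor is taken from the peer's error token: untrusted, display only */`. Ideally the received value would also be checked against the size of the eapg error table before the base is added. The definitions of `p` and `major` are outside the hunk.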
#endif
if ((cred->flags & CRED_FLAG_INITIATE) == 0) {
- *minor = GSSEAP_CRED_USAGE_MISMATCH;
major = GSS_S_NO_CRED;
+ *minor = GSSEAP_CRED_USAGE_MISMATCH;
goto cleanup;
}
if (tokType == TOK_TYPE_CONTEXT_ERR) {
ctx->state = EAP_STATE_ERROR;
} else if (tokType != sm->inputTokenType) {
- *minor = GSSEAP_WRONG_TOK_ID;
major = GSS_S_DEFECTIVE_TOKEN;
+ *minor = GSSEAP_WRONG_TOK_ID;
goto cleanup;
}
} else {
#endif
}
+ major = GSS_S_COMPLETE;
+ *minor = 0;
+
cleanup:
if (GSS_ERROR(major)) {
gss_release_oid_set(&tmpMinor, mech_attrs);
gss_cred_usage_t *cred_usage,
gss_OID_set *mechanisms)
{
- OM_uint32 major = GSS_S_COMPLETE;
+ OM_uint32 major;
if (cred == NULL) {
*minor = EINVAL;
goto cleanup;
}
- *minor = 0;
major = GSS_S_COMPLETE;
+ *minor = 0;
cleanup:
GSSEAP_MUTEX_UNLOCK(&cred->mutex);
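Review bot: With the initializer dropped from `OM_uint32 major;`, the `cred == NULL` branch shown here sets `*minor = EINVAL` and jumps to `cleanup` without assigning `major`, so the function would return an indeterminate status. The `cleanup` label also runs `GSSEAP_MUTEX_UNLOCK(&cred->mutex)`, which dereferences the NULL `cred` on that path. Unless lines elided between these hunks handle it, return directly as the store-cred hunk does: `*minor = EINVAL; return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED;`. The hunk that changes `OM_uint32 major = GSS_S_UNAVAILABLE;` to `OM_uint32 major;` in the function taking `desired_object` and `data_set` needs the same check, because the assignment that replaces the old default is not visible there.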
const gss_OID desired_object,
gss_buffer_set_t *data_set)
{
- OM_uint32 major = GSS_S_UNAVAILABLE;
+ OM_uint32 major;
int i;
*data_set = GSS_C_NO_BUFFER_SET;
if (sasl_mech_name != GSS_C_NO_BUFFER) {
name = gssEapOidToSaslName(mech);
if (name == GSS_C_NO_BUFFER) {
- *minor = GSSEAP_WRONG_MECH;
major = GSS_S_BAD_MECH;
+ *minor = GSSEAP_WRONG_MECH;
} else {
major = duplicateBuffer(minor, name, sasl_mech_name);
}
goto cleanup;
major = GSS_S_COMPLETE;
+ *minor = 0;
cleanup:
if (GSS_ERROR(major) && *dataSet != GSS_C_NO_BUFFER_SET) {
gss_OID_set *elements_stored,
gss_cred_usage_t *cred_usage_stored)
{
- OM_uint32 major = GSS_S_UNAVAILABLE;
-
- *minor = 0;
+ OM_uint32 major;
if (elements_stored != NULL)
*elements_stored = GSS_C_NO_OID_SET;
if (cred_usage_stored != NULL)
*cred_usage_stored = input_usage;
- if (cred == GSS_C_NO_CREDENTIAL)
+ if (cred == GSS_C_NO_CREDENTIAL) {
+ *minor = EINVAL;
return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED;
+ }
GSSEAP_MUTEX_LOCK(&cred->mutex);
+ major = GSS_S_COMPLETE;
+ *minor = 0;
+
#ifdef GSSEAP_ENABLE_REAUTH
if (cred->krbCred != GSS_C_NO_CREDENTIAL) {
major = gssStoreCred(minor,
if (stream->buffer.length < theader->buffer.length +
tpadding->buffer.length +
ttrailer->buffer.length) {
- code = GSSEAP_TOK_TRUNC;
major = GSS_S_DEFECTIVE_TOKEN;
+ code = GSSEAP_TOK_TRUNC;
goto cleanup;
}
GSSEAP_MUTEX_LOCK(&ctx->mutex);
if (!CTX_IS_ESTABLISHED(ctx)) {
- *minor = GSSEAP_CONTEXT_INCOMPLETE;
major = GSS_S_NO_CONTEXT;
+ *minor = GSSEAP_CONTEXT_INCOMPLETE;
goto cleanup;
}
/* default host-based service is host@localhost */
if (gethostname(&serviceName[5], MAXHOSTNAMELEN) != 0) {
- *minor = GSSEAP_NO_HOSTNAME;
major = GSS_S_FAILURE;
+ *minor = GSSEAP_NO_HOSTNAME;
goto cleanup;
}
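Review bot: `gethostname(&serviceName[5], MAXHOSTNAMELEN)` is only checked for failure, and POSIX leaves it unspecified whether a truncated name is NUL-terminated. The buffer is then used as a C string for the default `host@...` service name. The declaration of `serviceName` is outside the hunk; if it is a fixed array, it should hold at least `5 + MAXHOSTNAMELEN + 1` bytes and be terminated explicitly after the call, e.g. `serviceName[sizeof(serviceName) - 1] = '\0';`.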
cred->flags |= CRED_FLAG_ACCEPT;
break;
default:
- *minor = GSSEAP_BAD_USAGE;
major = GSS_S_FAILURE;
+ *minor = GSSEAP_BAD_USAGE;
goto cleanup;
break;
}
*timeRec = GSS_C_INDEFINITE;
*pCred = cred;
+
major = GSS_S_COMPLETE;
+ *minor = 0;
cleanup:
if (GSS_ERROR(major))
if (chanBindings != GSS_C_NO_CHANNEL_BINDINGS &&
!bufferEqual(&iov[0].buffer, &chanBindings->application_data)) {
- *minor = GSSEAP_BINDINGS_MISMATCH;
major = GSS_S_BAD_BINDINGS;
+ *minor = GSSEAP_BINDINGS_MISMATCH;
} else {
major = GSS_S_COMPLETE;
}
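Review bot: The `else` branch sets `major = GSS_S_COMPLETE;` but leaves `*minor` untouched, unlike the other success paths this commit updates, which pair it with `*minor = 0;`. If an earlier call in this function left a non-zero minor, which cannot be ruled out from the hunk, the caller sees success with a stale error code. Add `*minor = 0;` after `major = GSS_S_COMPLETE;` in that branch. The enclosing function starts and ends outside the hunk.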
types = GSSEAP_CALLOC(nexts, sizeof(OM_uint32));
if (types == NULL) {
- *minor = ENOMEM;
major = GSS_S_FAILURE;
+ *minor = ENOMEM;
goto cleanup;
}
types[j] |= EXT_FLAG_VERIFIED;
} else if (ext->required) {
/* Required extension missing */
- *minor = GSSEAP_MISSING_REQUIRED_EXT;
major = GSS_S_UNAVAILABLE;
+ *minor = GSSEAP_MISSING_REQUIRED_EXT;
goto cleanup;
}
}
for (i = 0; i < extensions->count; i++) {
if ((types[i] & EXT_FLAG_CRITICAL) &&
(types[i] & EXT_FLAG_VERIFIED) == 0) {
- *minor = GSSEAP_CRIT_EXT_UNAVAILABLE;
major = GSS_S_UNAVAILABLE;
+ *minor = GSSEAP_CRIT_EXT_UNAVAILABLE;
goto cleanup;
}
}
- *minor = 0;
major = GSS_S_COMPLETE;
+ *minor = 0;
cleanup:
gss_release_buffer_set(&tmpMinor, &extensions);
*/
buffer->value = GSSEAP_MALLOC(required ? required : 1);
if (buffer->value == NULL) {
- *minor = ENOMEM;
major = GSS_S_FAILURE;
+ *minor = ENOMEM;
goto cleanup;
}
gss_buffer_desc extension;
if (remain < 8) {
- *minor = GSSEAP_TOK_TRUNC;
major = GSS_S_DEFECTIVE_TOKEN;
+ *minor = GSSEAP_TOK_TRUNC;
goto cleanup;
}
ntypes = GSSEAP_REALLOC(types,
(extensions->count + 1) * sizeof(OM_uint32));
if (ntypes == NULL) {
- *minor = ENOMEM;
major = GSS_S_FAILURE;
+ *minor = ENOMEM;
goto cleanup;
}
types = ntypes;
extension.length = load_uint32_be(&p[4]);
if (remain < 8 + extension.length) {
- *minor = GSSEAP_TOK_TRUNC;
major = GSS_S_DEFECTIVE_TOKEN;
+ *minor = GSSEAP_TOK_TRUNC;
goto cleanup;
}
extension.value = &p[8];
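Review bot: The truncation check `remain < 8 + extension.length` can be defeated where `size_t` is 32 bits. `extension.length` is loaded from the token by `load_uint32_be(&p[4])`, and a value close to the 32-bit maximum makes `8 + extension.length` wrap to a small number. The check then passes, and `extension.value = &p[8]` is paired with a length larger than the remaining input. Since `remain >= 8` is already established by the earlier `remain < 8` check, compare without the addition: `if (remain - 8 < extension.length) {`. The declarations of `remain` and `p` are outside these hunks, so this assumes `remain` is an unsigned size.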
#define CHECK_REMAIN(n) do { \
if (remain < (n)) { \
- *minor = GSSEAP_TOK_TRUNC; \
major = GSS_S_BAD_NAME; \
+ *minor = GSSEAP_TOK_TRUNC; \
goto cleanup; \
} \
} while (0)
}
major = GSS_S_COMPLETE;
+ *minor = 0;
cleanup:
if (GSS_ERROR(major))
assert(p == (unsigned char *)exportedName->value + exportedNameLen);
- *minor = 0;
major = GSS_S_COMPLETE;
+ *minor = 0;
cleanup:
gss_release_buffer(&tmpMinor, &attrs);
{
OM_uint32 major = GSS_S_CRED_UNAVAIL;
krb5_context krbContext = NULL;
- krb5_error_code code;
+ krb5_error_code code = 0;
krb5_ccache ccache = NULL;
krb5_creds match = { 0 };
krb5_creds creds = { 0 };
GSSEAP_MUTEX_LOCK(&ctx->mutex);
if (!CTX_IS_ESTABLISHED(ctx)) {
- *minor = GSSEAP_CONTEXT_INCOMPLETE;
major = GSS_S_NO_CONTEXT;
+ *minor = GSSEAP_CONTEXT_INCOMPLETE;
goto cleanup;
}
GSSEAP_MUTEX_LOCK(&ctx->mutex);
if (!CTX_IS_ESTABLISHED(ctx)) {
- *minor = GSSEAP_CONTEXT_INCOMPLETE;
major = GSS_S_NO_CONTEXT;
+ *minor = GSSEAP_CONTEXT_INCOMPLETE;
goto cleanup;
}
GSSEAP_MUTEX_LOCK(&ctx->mutex);
if (!CTX_IS_ESTABLISHED(ctx)) {
- *minor = GSSEAP_CONTEXT_INCOMPLETE;
major = GSS_S_NO_CONTEXT;
+ *minor = GSSEAP_CONTEXT_INCOMPLETE;
goto cleanup;
}
GSSEAP_MUTEX_LOCK(&ctx->mutex);
if (!CTX_IS_ESTABLISHED(ctx)) {
- *minor = GSSEAP_CONTEXT_INCOMPLETE;
major = GSS_S_NO_CONTEXT;
+ *minor = GSSEAP_CONTEXT_INCOMPLETE;
goto cleanup;
}