From 4064e866bb8ca6458ff0152364c3b2d62a18e45d Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Tue, 21 Sep 2010 00:37:30 +0200 Subject: [PATCH] fix up state machine, some compile ints --- accept_sec_context.c | 17 +++++++---------- gssapiP_eap.h | 8 -------- init_sec_context.c | 25 +++++++++++++------------ util_radius.h | 20 +++++++++----------- util_shib.cpp | 4 ++-- 5 files changed, 31 insertions(+), 43 deletions(-) diff --git a/accept_sec_context.c b/accept_sec_context.c index 01a07bc..73fba28 100644 --- a/accept_sec_context.c +++ b/accept_sec_context.c @@ -215,20 +215,18 @@ eapGssSmAcceptAuthenticate(OM_uint32 *minor, if (GSS_ERROR(major)) goto cleanup; - major = addRadiusAttributeFromBuffer(minor, rh, &send, - PW_USER_NAME, &nameBuf); + major = addAvpFromBuffer(minor, rh, &send, PW_USER_NAME, &nameBuf); if (GSS_ERROR(major)) goto cleanup; } - major = addRadiusAttributeFromBuffer(minor, rh, &send, PW_EAP_MESSAGE, - inputToken); + major = addAvpFromBuffer(minor, rh, &send, PW_EAP_MESSAGE, inputToken); if (GSS_ERROR(major)) goto cleanup; if (ctx->acceptorCtx.lastStatus == PW_ACCESS_CHALLENGE) { - major = addRadiusAttributeFromBuffer(minor, rh, &send, PW_STATE, - &ctx->acceptorCtx.state); + major = addAvpFromBuffer(minor, rh, &send, PW_STATE, + &ctx->acceptorCtx.state); if (GSS_ERROR(major)) goto cleanup; @@ -245,14 +243,13 @@ eapGssSmAcceptAuthenticate(OM_uint32 *minor, ctx->acceptorCtx.lastStatus = code; if (code == OK_RC || code == PW_ACCESS_CHALLENGE) { - major = getBufferFromRadiusAttributes(minor, received, PW_EAP_MESSAGE, - outputToken); + major = getBufferFromAvps(minor, received, PW_EAP_MESSAGE, outputToken); if (GSS_ERROR(major)) goto cleanup; if (code == PW_ACCESS_CHALLENGE) { - major = getBufferFromRadiusAttributes(minor, received, PW_STATE, - &ctx->acceptorCtx.state); + major = getBufferFromAvps(minor, received, PW_STATE, + &ctx->acceptorCtx.state); if (GSS_ERROR(major)) goto cleanup; } 
diff --git a/gssapiP_eap.h b/gssapiP_eap.h index 45be196..7830e2e 100644 --- a/gssapiP_eap.h +++ b/gssapiP_eap.h @@ -57,16 +57,8 @@ #include #endif -#ifdef __cplusplus -struct rc_conf; -typedef struct rc_conf rc_handle; - -struct value_pair; -typedef struct value_pair VALUE_PAIR; -#else #include #include -#endif #include "util.h" diff --git a/init_sec_context.c b/init_sec_context.c index dd90745..1268d20 100644 --- a/init_sec_context.c +++ b/init_sec_context.c @@ -274,8 +274,6 @@ initReady(OM_uint32 *minor, gss_ctx_id_t ctx) return GSS_S_COMPLETE; } -static gss_buffer_desc emptyBuffer = GSS_C_EMPTY_BUFFER; - static OM_uint32 eapGssSmInitIdentity(OM_uint32 *minor, gss_cred_id_t cred, @@ -288,9 +286,9 @@ eapGssSmInitIdentity(OM_uint32 *minor, gss_buffer_t inputToken, gss_buffer_t outputToken) { - int initialContextToken; time_t now; OM_uint32 major; + int initialContextToken; initialContextToken = (inputToken == GSS_C_NO_BUFFER || inputToken->length == 0); @@ -326,15 +324,13 @@ eapGssSmInitIdentity(OM_uint32 *minor, if (!gssEapCredAvailable(cred, ctx->mechanismUsed)) return GSS_S_BAD_MECH; - major = duplicateBuffer(minor, &emptyBuffer, outputToken); - if (GSS_ERROR(major)) - return major; - ctx->state = EAP_STATE_AUTHENTICATE; return GSS_S_CONTINUE_NEEDED; } +static struct wpabuf emptyWpaBuffer; + static OM_uint32 eapGssSmInitAuthenticate(OM_uint32 *minor, gss_cred_id_t cred, @@ -351,6 +347,10 @@ eapGssSmInitAuthenticate(OM_uint32 *minor, OM_uint32 tmpMinor; int code; struct wpabuf *resp = NULL; + int initialContextToken; + + initialContextToken = (inputToken == GSS_C_NO_BUFFER || + inputToken->length == 0); major = peerConfigInit(minor, cred, ctx); if (GSS_ERROR(major)) @@ -360,7 +360,6 @@ eapGssSmInitAuthenticate(OM_uint32 *minor, struct eap_config eapConfig; memset(&eapConfig, 0, sizeof(eapConfig)); - ctx->flags |= CTX_FLAG_EAP_PORT_ENABLED; ctx->initiatorCtx.eap = eap_peer_sm_init(ctx, &gssEapPolicyCallbacks, 
@@ -370,6 +369,8 @@ eapGssSmInitAuthenticate(OM_uint32 *minor, major = GSS_S_FAILURE; goto cleanup; } + + ctx->flags |= CTX_FLAG_EAP_RESTART | CTX_FLAG_EAP_PORT_ENABLED; } ctx->flags |= CTX_FLAG_EAP_REQ; /* we have a Request from the acceptor */ @@ -381,12 +382,9 @@ eapGssSmInitAuthenticate(OM_uint32 *minor, code = eap_peer_sm_step(ctx->initiatorCtx.eap); if (ctx->flags & CTX_FLAG_EAP_RESP) { - ctx->flags &= ~(CTX_FLAG_EAP_RESP); resp = eap_get_eapRespData(ctx->initiatorCtx.eap); - if (resp != NULL) { - } } else if (ctx->flags & CTX_FLAG_EAP_SUCCESS) { major = initReady(minor, ctx); if (GSS_ERROR(major)) @@ -397,7 +395,10 @@ eapGssSmInitAuthenticate(OM_uint32 *minor, ctx->state = EAP_STATE_GSS_CHANNEL_BINDINGS; } else if (ctx->flags & CTX_FLAG_EAP_FAIL) { major = GSS_S_DEFECTIVE_CREDENTIAL; - } else if (code == 0) { + } else if (code == 0 && initialContextToken) { + resp = &emptyWpaBuffer; + major = GSS_S_CONTINUE_NEEDED; + } else { major = GSS_S_FAILURE; } diff --git a/util_radius.h b/util_radius.h index 1da66f2..d6ab501 100644 --- a/util_radius.h +++ b/util_radius.h @@ -90,13 +90,12 @@ private: extern "C" { #endif -#ifndef __cplusplus static inline OM_uint32 -addRadiusAttributeFromBuffer(OM_uint32 *minor, - rc_handle *rh, - VALUE_PAIR **vp, - int type, - gss_buffer_t buffer) +addAvpFromBuffer(OM_uint32 *minor, + rc_handle *rh, + VALUE_PAIR **vp, + int type, + gss_buffer_t buffer) { if (rc_avpair_add(rh, vp, type, buffer->value, buffer->length, 0) == NULL) { *minor = ENOMEM; @@ -107,10 +106,10 @@ addRadiusAttributeFromBuffer(OM_uint32 *minor, } static inline OM_uint32 -getBufferFromRadiusAttributes(OM_uint32 *minor, - VALUE_PAIR *vps, - int type, - gss_buffer_t buffer) +getBufferFromAvps(OM_uint32 *minor, + VALUE_PAIR *vps, + int type, + gss_buffer_t buffer) { VALUE_PAIR *vp; gss_buffer_desc tmp = GSS_C_EMPTY_BUFFER; 
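Review bot: In the `@@ -397,7 +395,10 @@` hunk, `resp = &emptyWpaBuffer;` makes `resp` point at a file-scope static, while the `CTX_FLAG_EAP_RESP` branch assigns it the buffer returned by `eap_get_eapRespData()`, which the caller owns. The code after the `else` and the `cleanup` label are outside the hunk, so this is inferred: if that path releases `resp` with `wpabuf_free()`, the static object is handed to the allocator's free, which is undefined behaviour. The release should skip the sentinel, for example `if (resp != &emptyWpaBuffer) wpabuf_free(resp);`. The sentinel is also mutable and shared by every context in the process, so a comment at its declaration such as `/* sentinel for an empty response: never written to, never freed */` would make the ownership rule explicit.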
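Review bot: `addAvpFromBuffer` in the `util_radius.h` hunk passes `buffer->value` and `buffer->length` straight to `rc_avpair_add()` with no length check, and the acceptor calls it with `inputToken`, which comes from the peer. A RADIUS attribute value is limited to 253 octets (RFC 2865), and only EAP-Message may be split across several attributes (RFC 3579). An oversized token is therefore left to whatever the library does with it, and a refusal is reported as `ENOMEM`. A guard for the single-attribute types would make that explicit: `if (type != PW_EAP_MESSAGE && buffer->length > 253) { *minor = ERANGE; return GSS_S_FAILURE; }`. For `PW_EAP_MESSAGE`, the helper should add the token in chunks of at most 253 bytes, with the receive side concatenating them. The function body continues past the end of this hunk, so the failure return itself is not visible here.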
@@ -123,7 +122,6 @@ getBufferFromRadiusAttributes(OM_uint32 *minor, return duplicateBuffer(minor, &tmp, buffer); } -#endif OM_uint32 gssEapRadiusAttrProviderInit(OM_uint32 *minor); OM_uint32 gssEapRadiusAttrProviderFinalize(OM_uint32 *minor); diff --git a/util_shib.cpp b/util_shib.cpp index 8da0bbc..33280d5 100644 --- a/util_shib.cpp +++ b/util_shib.cpp @@ -45,14 +45,14 @@ * limitations under the License. */ -#include "gssapiP_eap.h" - #include #include #include #include +#include "gssapiP_eap.h" + using namespace shibsp; using namespace shibresolver; using namespace opensaml::saml2md; -- 2.1.4