Merge branch 'fastreauth'

[mech_eap.orig] / import_sec_context.c

diff --git a/import_sec_context.c b/import_sec_context.c
index 648bff5..219bfe0 100644 (file)
--- a/import_sec_context.c
+++ b/import_sec_context.c
@@ -38,23 +38,33 @@ gssEapImportPartialContext(OM_uint32 *minor,
                            size_t *pRemain,
                            gss_ctx_id_t ctx)
 {
+    OM_uint32 major;
     unsigned char *p = *pBuf;
     size_t remain = *pRemain;
     gss_buffer_desc buf;
 
+    /* XXX we also need to deserialise the current server name */
+
     if (remain < 4) {
         *minor = ERANGE;
         return GSS_S_DEFECTIVE_TOKEN;
     }
-
     buf.length = load_uint32_be(p);
 
-    if (buf.length != 0) {
-        *minor = EINVAL;
+    if (remain < buf.length) {
+        *minor = ERANGE;
         return GSS_S_DEFECTIVE_TOKEN;
+
     }
+    buf.value = &p[4];
+
+    major = duplicateBuffer(minor, &buf, &ctx->acceptorCtx.state);
+    if (GSS_ERROR(major))
+        return major;
+
+    *pBuf += 4 + buf.length;
+    *pRemain -= 4 + buf.length;
 
-    *minor = 0;
     return GSS_S_COMPLETE;
 }
 
@@ -170,7 +180,7 @@ importName(OM_uint32 *minor,
         tmp.value = p + 4;
 
         major = gssEapImportNameInternal(minor, &tmp, pName,
-                                         EXPORT_NAME_FLAG_ATTRS);
+                                         EXPORT_NAME_FLAG_COMPOSITE);
         if (GSS_ERROR(major))
             return major;
     }
@@ -206,7 +216,7 @@ gssEapImportContext(OM_uint32 *minor,
     remain -= 16;
 
     /* Validate state */
-    if (ctx->state < EAP_STATE_AUTHENTICATE ||
+    if (ctx->state < EAP_STATE_IDENTITY ||
         ctx->state > EAP_STATE_ESTABLISHED)
         return GSS_S_DEFECTIVE_TOKEN;
 
@@ -259,12 +269,16 @@ gssEapImportContext(OM_uint32 *minor,
      * acceptor contexts.
      */
     if (!CTX_IS_INITIATOR(ctx) && !CTX_IS_ESTABLISHED(ctx)) {
+        assert((ctx->flags & CTX_FLAG_KRB_REAUTH_GSS) == 0);
+
         major = gssEapImportPartialContext(minor, &p, &remain, ctx);
         if (GSS_ERROR(major))
             return major;
     }
 
+#ifdef GSSEAP_DEBUG
     assert(remain == 0);
+#endif
 
     *minor = 0;
     major = GSS_S_COMPLETE;