size_t *pRemain,
gss_ctx_id_t ctx)
{
+ OM_uint32 major;
unsigned char *p = *pBuf;
size_t remain = *pRemain;
gss_buffer_desc buf;
+ /* XXX we also need to deserialise the current server name */
+
if (remain < 4) {
*minor = ERANGE;
return GSS_S_DEFECTIVE_TOKEN;
}
-
buf.length = load_uint32_be(p);
- if (buf.length != 0) {
- *minor = EINVAL;
+ if (remain < buf.length) {
+ *minor = ERANGE;
return GSS_S_DEFECTIVE_TOKEN;
+
}
+ buf.value = &p[4];
+
+ major = duplicateBuffer(minor, &buf, &ctx->acceptorCtx.state);
+ if (GSS_ERROR(major))
+ return major;
+
+ *pBuf += 4 + buf.length;
+ *pRemain -= 4 + buf.length;
- *minor = 0;
return GSS_S_COMPLETE;
}
tmp.value = p + 4;
major = gssEapImportNameInternal(minor, &tmp, pName,
- EXPORT_NAME_FLAG_ATTRS);
+ EXPORT_NAME_FLAG_COMPOSITE);
if (GSS_ERROR(major))
return major;
}
remain -= 16;
/* Validate state */
- if (ctx->state < EAP_STATE_AUTHENTICATE ||
+ if (ctx->state < EAP_STATE_IDENTITY ||
ctx->state > EAP_STATE_ESTABLISHED)
return GSS_S_DEFECTIVE_TOKEN;
* acceptor contexts.
*/
if (!CTX_IS_INITIATOR(ctx) && !CTX_IS_ESTABLISHED(ctx)) {
+ assert((ctx->flags & CTX_FLAG_KRB_REAUTH_GSS) == 0);
+
major = gssEapImportPartialContext(minor, &p, &remain, ctx);
if (GSS_ERROR(major))
return major;
}
+#ifdef GSSEAP_DEBUG
assert(remain == 0);
+#endif
*minor = 0;
major = GSS_S_COMPLETE;