Support for libradius
[mech_eap.orig] / init_sec_context.c
index a54a3cb..9ec5e66 100644 (file)
@@ -68,7 +68,6 @@ policyVariableToFlag(enum eapol_bool_var variable)
     }
 
     return flag;
-        
 }
 
 static struct eap_peer_config *
@@ -248,13 +247,13 @@ initReady(OM_uint32 *minor, gss_ctx_id_t ctx)
         eap_key_available(ctx->initiatorCtx.eap)) {
         key = eap_get_eapKeyData(ctx->initiatorCtx.eap, &keyLength);
 
-        major = rfc3961EncTypeToChecksumType(minor, ctx->encryptionType,
-                                             &ctx->checksumType);
+        major = gssEapDeriveRfc3961Key(minor, key, keyLength,
+                                       ctx->encryptionType, &ctx->rfc3961Key);
         if (GSS_ERROR(major))
             return major;
 
-        major = gssEapDeriveRfc3961Key(minor, key, keyLength,
-                                       ctx->encryptionType, &ctx->rfc3961Key);
+        major = rfc3961ChecksumTypeForKey(minor, &ctx->rfc3961Key,
+                                           &ctx->checksumType);
         if (GSS_ERROR(major))
             return major;
     } else {
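Review bot: The two calls are now order-dependent and nothing on the new lines says so: `rfc3961ChecksumTypeForKey` takes `&ctx->rfc3961Key`, which is filled in here by the `gssEapDeriveRfc3961Key` call just above it. I would add a comment before the first call, `/* derive the key first: the checksum type is looked up from the key */`, so a later reorder does not hand an unset key to the lookup. On the early `return major` after the checksum lookup, and on the `sequenceInit` error return added in the next hunk, the derived key stays in `ctx`. Presumably the caller releases the context on failure, but that is outside these hunks and worth confirming. initReady starts above this hunk.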
@@ -266,10 +265,14 @@ initReady(OM_uint32 *minor, gss_ctx_id_t ctx)
         ctx->gssFlags &= ~(GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG);
     }
 
-    sequenceInit(&ctx->seqState, ctx->recvSeq,
-                 ((ctx->gssFlags & GSS_C_REPLAY_FLAG) != 0),
-                 ((ctx->gssFlags & GSS_C_SEQUENCE_FLAG) != 0),
-                 TRUE);
+    major = sequenceInit(minor,
+                         &ctx->seqState,
+                         ctx->recvSeq,
+                         ((ctx->gssFlags & GSS_C_REPLAY_FLAG) != 0),
+                         ((ctx->gssFlags & GSS_C_SEQUENCE_FLAG) != 0),
+                         TRUE);
+    if (GSS_ERROR(major))
+        return major;
 
     return GSS_S_COMPLETE;
 }
@@ -290,10 +293,7 @@ eapGssSmInitAuthenticate(OM_uint32 *minor,
     OM_uint32 tmpMajor, tmpMinor;
     time_t now;
     int initialContextToken = 0, code;
-    gss_buffer_desc respBuf;
-
-    respBuf.length = 0;
-    respBuf.value = NULL;
+    gss_buffer_desc respBuf = GSS_C_EMPTY_BUFFER;
 
     initialContextToken = (inputToken == GSS_C_NO_BUFFER ||
                            inputToken->length == 0);
@@ -375,7 +375,9 @@ eapGssSmInitAuthenticate(OM_uint32 *minor,
         ctx->flags &= ~(CTX_FLAG_EAP_SUCCESS);
         major = GSS_S_CONTINUE_NEEDED;
         ctx->state = EAP_STATE_GSS_CHANNEL_BINDINGS;
-    } else if ((ctx->flags & CTX_FLAG_EAP_FAIL) || code == 0) {
+    } else if (ctx->flags & CTX_FLAG_EAP_FAIL) {
+        major = GSS_S_DEFECTIVE_CREDENTIAL;
+    } else if (code == 0) {
         major = GSS_S_FAILURE;
     }
 
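Review bot: Both failure branches set only `major`, and `*minor` is not assigned anywhere in the hunk, so unless it is set elsewhere in the function a caller or log cannot tell from the minor status why the exchange failed. If it is not set elsewhere, assign a mechanism-specific minor code in the `CTX_FLAG_EAP_FAIL` branch. I would also add a comment on that branch, `/* EAP peer reported failure: report as a credential problem, not a generic error */`, and one on `code == 0` stating what a zero step result means, since the split now makes the two cases distinct. eapGssSmInitAuthenticate begins before and continues past this hunk.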
@@ -499,7 +501,7 @@ eapGssSmInitEstablished(OM_uint32 *minor,
     return GSS_S_BAD_STATUS;
 }
 
-static struct eap_gss_initiator_sm {
+static struct gss_eap_initiator_sm {
     enum gss_eap_token_type inputTokenType;
     enum gss_eap_token_type outputTokenType;
     OM_uint32 (*processToken)(OM_uint32 *,
@@ -540,14 +542,12 @@ gss_init_sec_context(OM_uint32 *minor,
     OM_uint32 major;
     OM_uint32 tmpMajor, tmpMinor;
     gss_ctx_id_t ctx = *context_handle;
-    struct eap_gss_initiator_sm *sm = NULL;
-    gss_buffer_desc innerInputToken, innerOutputToken;
+    struct gss_eap_initiator_sm *sm = NULL;
+    gss_buffer_desc innerInputToken;
+    gss_buffer_desc innerOutputToken = GSS_C_EMPTY_BUFFER;
 
     *minor = 0;
 
-    innerOutputToken.length = 0;
-    innerOutputToken.value = NULL;
-
     output_token->length = 0;
     output_token->value = NULL;