* to these services in the output of GSS_Init_sec_context and
* GSS_Accept_sec_context.
*/
- ctx->gssFlags = GSS_C_INTEG_FLAG |
- GSS_C_CONF_FLAG |
- GSS_C_SEQUENCE_FLAG |
- GSS_C_REPLAY_FLAG;
+ ctx->gssFlags = GSS_C_TRANS_FLAG | /* exporting contexts */
+ GSS_C_INTEG_FLAG | /* integrity */
+ GSS_C_CONF_FLAG | /* confidentiality */
+ GSS_C_SEQUENCE_FLAG | /* sequencing */
+ GSS_C_REPLAY_FLAG; /* replay detection */
*pCtx = ctx;
}
static void
-releaseInitiatorContext(struct eap_gss_initiator_ctx *ctx)
+releaseInitiatorContext(struct gss_eap_initiator_ctx *ctx)
{
eap_peer_sm_deinit(ctx->eap);
- wpabuf_free(ctx->eapReqData);
}
static void
-releaseAcceptorContext(struct eap_gss_acceptor_ctx *ctx)
+releaseAcceptorContext(struct gss_eap_acceptor_ctx *ctx)
{
+ if (ctx->avps != NULL)
+ rc_avpair_free(ctx->avps);
+ if (ctx->radHandle != NULL)
+ rc_config_free(ctx->radHandle);
}
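Review bot: releaseAcceptorContext frees `ctx->avps` and `ctx->radHandle` but leaves both fields holding the freed addresses, so a second pass over the same acceptor state, or any later read through the context, would be a double free or use-after-free. Clearing them right after each free, `ctx->avps = NULL;` and `ctx->radHandle = NULL;`, is cheap and matches the pointer-to-pointer form that `sequenceFree(&tmpMinor, &ctx->seqState)` takes elsewhere in this change. In releaseInitiatorContext the `wpabuf_free(ctx->eapReqData)` call is dropped. If that field still exists in struct gss_eap_initiator_ctx (the struct is not visible here), its buffer needs another owner or it leaks on every released initiator context.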
OM_uint32
gssEapReleaseContext(OM_uint32 *minor,
gss_ctx_id_t *pCtx)
{
- OM_uint32 major, tmpMinor;
+ OM_uint32 tmpMinor;
gss_ctx_id_t ctx = *pCtx;
krb5_context krbContext = NULL;
gssEapReleaseName(&tmpMinor, &ctx->initiatorName);
gssEapReleaseName(&tmpMinor, &ctx->acceptorName);
gss_release_oid(&tmpMinor, &ctx->mechanismUsed);
- sequenceFree(ctx->seqState);
+ sequenceFree(&tmpMinor, &ctx->seqState);
GSSEAP_MUTEX_DESTROY(&ctx->mutex);
enum gss_eap_token_type tokenType,
gss_buffer_t outputToken)
{
- OM_uint32 major;
unsigned char *p;
outputToken->length = tokenSize(ctx->mechanismUsed, innerToken->length);
OM_uint32 major;
size_t bodySize;
unsigned char *p = (unsigned char *)inputToken->value;
+ gss_OID_desc oidBuf;
+ gss_OID oid;
+
+ if (ctx->mechanismUsed != GSS_C_NO_OID) {
+ oid = ctx->mechanismUsed;
+ } else {
+ oidBuf.elements = NULL;
+ oidBuf.length = 0;
+ oid = &oidBuf;
+ }
- major = verifyTokenHeader(ctx->mechanismUsed, &bodySize, &p,
+ major = verifyTokenHeader(minor, oid, &bodySize, &p,
inputToken->length, tokenType);
if (GSS_ERROR(major))
- return major;
+ return GSS_S_DEFECTIVE_TOKEN;
+
+ if (ctx->mechanismUsed == GSS_C_NO_OID) {
+ if (!gssEapIsConcreteMechanismOid(oid))
+ return GSS_S_BAD_MECH;
+
+ if (!gssEapInternalizeOid(oid, &ctx->mechanismUsed)) {
+ major = duplicateOid(minor, oid, &ctx->mechanismUsed);
+ if (GSS_ERROR(major))
+ return major;
+ }
+ }
innerInputToken->length = bodySize;
innerInputToken->value = p;
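Review bot: In the `ctx->mechanismUsed == GSS_C_NO_OID` path the mechanism OID is taken from the peer's token, and `oid` still points at the stack `oidBuf`, whose `elements` presumably alias `inputToken->value` once verifyTokenHeader has filled it in. The new code does check it with gssEapIsConcreteMechanismOid and copy it via gssEapInternalizeOid/duplicateOid before storing, which is the right order, but nothing records that this order is required. I would add a comment on the `else` arm such as `/* empty OID: verifyTokenHeader reports the token's mechanism, borrowed from inputToken; validate and copy before storing */`. Separately, `return GSS_S_DEFECTIVE_TOKEN;` discards the major status verifyTokenHeader returned, so if that helper can report a mechanism mismatch on an established context, callers and logs can no longer tell it apart from a malformed header. The enclosing function begins outside this hunk, so whether the accepted mechanism is also checked against the acceptor credential cannot be confirmed from here.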