MIT build fixes
[mech_eap.orig] / util_exts.c
index 0ce98c5..46534d9 100644 (file)
  * SUCH DAMAGE.
  */
 
+/*
+ * Extension token support.
+ */
+
 #include "gssapiP_eap.h"
 
 static OM_uint32
@@ -88,11 +92,12 @@ verifyGssChannelBindings(OM_uint32 *minor,
     major = gssEapUnwrapOrVerifyMIC(minor, ctx, NULL, NULL,
                                     iov, 2, TOK_TYPE_WRAP);
     if (GSS_ERROR(major))
-        return major;
+        return GSS_S_BAD_BINDINGS;
 
     if (chanBindings != GSS_C_NO_CHANNEL_BINDINGS &&
         !bufferEqual(&iov[0].buffer, &chanBindings->application_data)) {
         major = GSS_S_BAD_BINDINGS;
+        *minor = GSSEAP_BINDINGS_MISMATCH;
     } else {
         major = GSS_S_COMPLETE;
     }
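Review bot: The new `return GSS_S_BAD_BINDINGS;` after `gssEapUnwrapOrVerifyMIC` reports every failure of that call as a bindings mismatch, so a token that failed its integrity check and any local error inside the callee can no longer be told apart from the major status. The path still fails closed, but `*minor` keeps whatever the callee left there, while the mismatch branch below sets `GSSEAP_BINDINGS_MISMATCH` explicitly. A comment such as `/* any unwrap failure is reported as bad bindings; *minor keeps the underlying cause */` would record that this is intended. The success branch sets `major = GSS_S_COMPLETE` with no visible `*minor = 0`; the function continues outside the hunk, so that may be handled further down.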
@@ -143,11 +148,13 @@ verifyReauthCreds(OM_uint32 *minor,
                   gss_channel_bindings_t chanBindings,
                   gss_buffer_t inputToken)
 {
+    OM_uint32 major = GSS_S_UNAVAILABLE;
+
 #ifdef GSSEAP_ENABLE_REAUTH
-    return gssEapStoreReauthCreds(minor, ctx, cred, inputToken);
-#else
-    return GSS_S_UNAVAILABLE;
+    major = gssEapStoreReauthCreds(minor, ctx, cred, inputToken);
 #endif
+
+    return major;
 }
 
 static struct gss_eap_extension_provider
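Review bot: With `GSSEAP_ENABLE_REAUTH` undefined, `verifyReauthCreds` returns `GSS_S_UNAVAILABLE` without ever writing `*minor`, so the caller sees whatever value happened to be there. The rest of this commit pairs each major status with a minor code; doing the same here, for example `*minor = 0;` ahead of the `#ifdef`, keeps a stale minor from being reported for this extension. The `cred` and `inputToken` parameters are also unused in that configuration, which may produce warnings. The signature starts outside the hunk.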
@@ -162,25 +169,18 @@ eapGssAcceptExtensions[] = {
 };
 
 OM_uint32
-gssEapMakeExtensions(OM_uint32 *minor,
-                     gss_cred_id_t cred,
-                     gss_ctx_id_t ctx,
-                     gss_channel_bindings_t chanBindings,
-                     gss_buffer_t buffer)
+makeExtensions(OM_uint32 *minor,
+               gss_cred_id_t cred,
+               gss_ctx_id_t ctx,
+               const struct gss_eap_extension_provider *exts,
+               size_t nexts,
+               gss_channel_bindings_t chanBindings,
+               gss_buffer_t buffer)
 {
     OM_uint32 major, tmpMinor;
-    size_t i, j, nexts;
+    size_t i, j;
     gss_buffer_set_t extensions = GSS_C_NO_BUFFER_SET;
     OM_uint32 *types;
-    const struct gss_eap_extension_provider *exts;
-
-    if (CTX_IS_INITIATOR(ctx)) {
-        exts = eapGssInitExtensions;
-        nexts = sizeof(eapGssInitExtensions) / sizeof(eapGssInitExtensions[0]);
-    } else {
-        exts = eapGssAcceptExtensions;
-        nexts = sizeof(eapGssAcceptExtensions) / sizeof(eapGssAcceptExtensions[0]);
-    }
 
     assert(buffer != GSS_C_NO_BUFFER);
 
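Review bot: `makeExtensions` keeps the external linkage of the function it was split from: the line above it is still a bare `OM_uint32`, whereas the matching helper `verifyExtensions` added later in this commit is declared `static OM_uint32`. Unless another file is meant to call it, declare it `static OM_uint32` so the helper that trusts the caller-supplied `exts` and `nexts` is not exported. Since `nexts` is now a parameter rather than computed from the table, a one-line comment that it must be the element count of `exts` would also help. The body continues outside the hunk.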
@@ -189,8 +189,8 @@ gssEapMakeExtensions(OM_uint32 *minor,
 
     types = GSSEAP_CALLOC(nexts, sizeof(OM_uint32));
     if (types == NULL) {
-        *minor = ENOMEM;
         major = GSS_S_FAILURE;
+        *minor = ENOMEM;
         goto cleanup;
     }
 
@@ -232,26 +232,40 @@ cleanup:
 }
 
 OM_uint32
-gssEapVerifyExtensions(OM_uint32 *minor,
-                       gss_cred_id_t cred,
-                       gss_ctx_id_t ctx,
-                       gss_channel_bindings_t chanBindings,
-                       const gss_buffer_t buffer)
+gssEapMakeExtensions(OM_uint32 *minor,
+                     gss_cred_id_t cred,
+                     gss_ctx_id_t ctx,
+                     gss_channel_bindings_t chanBindings,
+                     gss_buffer_t buffer)
 {
-    OM_uint32 major, tmpMinor;
-    gss_buffer_set_t extensions = GSS_C_NO_BUFFER_SET;
-    OM_uint32 *types = NULL;
-    size_t i, nexts;
+    size_t nexts;
     const struct gss_eap_extension_provider *exts;
 
     if (CTX_IS_INITIATOR(ctx)) {
-        exts = eapGssAcceptExtensions;
-        nexts = sizeof(eapGssAcceptExtensions) / sizeof(eapGssAcceptExtensions[0]);
-    } else {
         exts = eapGssInitExtensions;
         nexts = sizeof(eapGssInitExtensions) / sizeof(eapGssInitExtensions[0]);
+    } else {
+        exts = eapGssAcceptExtensions;
+        nexts = sizeof(eapGssAcceptExtensions) / sizeof(eapGssAcceptExtensions[0]);
     }
 
+    return makeExtensions(minor, cred, ctx, exts, nexts, chanBindings, buffer);
+}
+
+static OM_uint32
+verifyExtensions(OM_uint32 *minor,
+                 gss_cred_id_t cred,
+                 gss_ctx_id_t ctx,
+                 const struct gss_eap_extension_provider *exts,
+                 size_t nexts,
+                 gss_channel_bindings_t chanBindings,
+                 const gss_buffer_t buffer)
+{
+    OM_uint32 major, tmpMinor;
+    gss_buffer_set_t extensions = GSS_C_NO_BUFFER_SET;
+    OM_uint32 *types = NULL;
+    size_t i;
+
     major = decodeExtensions(minor, buffer, &extensions, &types);
     if (GSS_ERROR(major))
         goto cleanup;
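Review bot: The table selection in `gssEapMakeExtensions` is repeated in `gssEapVerifyExtensions` (the hunk at `@@ -311,6 +319,27 @@`) with the two branches swapped, and neither copy says why. The swap looks intentional, since verification has to check what the peer's role emits, but copying one block over the other would make the verifier enforce the wrong `required` set with no build error. I would add `/* Emit the extensions for our own role. */` above the `if` here and `/* Verify against the table for the peer's role. */` in the verify wrapper. `verifyExtensions` continues outside the hunk.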
@@ -278,11 +292,8 @@ gssEapVerifyExtensions(OM_uint32 *minor,
             types[j] |= EXT_FLAG_VERIFIED;
         } else if (ext->required) {
             /* Required extension missing */
-            *minor = ENOENT;
             major = GSS_S_UNAVAILABLE;
-            gssEapSaveStatusInfo(*minor,
-                                 "Missing required GSS EAP extension %08x",
-                                 ext->type);
+            *minor = GSSEAP_MISSING_REQUIRED_EXT;
             goto cleanup;
         }
     }
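Review bot: The `GSSEAP_MISSING_REQUIRED_EXT` path no longer records `ext->type`, and the unknown-critical-extension path in the next hunk (`GSSEAP_CRIT_EXT_UNAVAILABLE`) likewise drops `types[i] & EXT_TYPE_MASK`. Both are conditions someone investigating a failed or tampered negotiation would want identified, and the minor code alone does not say which extension was involved. If `gssEapSaveStatusInfo` is still available in this build, keep the call after the new assignment, e.g. `gssEapSaveStatusInfo(*minor, "Missing required GSS EAP extension %08x", ext->type);`. Otherwise a comment stating that the type is intentionally not reported would do. The enclosing loop starts outside the hunk.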
@@ -291,17 +302,14 @@ gssEapVerifyExtensions(OM_uint32 *minor,
     for (i = 0; i < extensions->count; i++) {
         if ((types[i] & EXT_FLAG_CRITICAL) &&
             (types[i] & EXT_FLAG_VERIFIED) == 0) {
-            *minor = ENOSYS;
             major = GSS_S_UNAVAILABLE;
-            gssEapSaveStatusInfo(*minor,
-                                 "Received unknown critical GSS EAP extension %08x",
-                                 (types[i] & EXT_TYPE_MASK));
+            *minor = GSSEAP_CRIT_EXT_UNAVAILABLE;
             goto cleanup;
         }
     }
 
-    *minor = 0;
     major = GSS_S_COMPLETE;
+    *minor = 0;
 
 cleanup:
     gss_release_buffer_set(&tmpMinor, &extensions);
@@ -311,6 +319,27 @@ cleanup:
     return major;
 }
 
+OM_uint32
+gssEapVerifyExtensions(OM_uint32 *minor,
+                       gss_cred_id_t cred,
+                       gss_ctx_id_t ctx,
+                       gss_channel_bindings_t chanBindings,
+                       const gss_buffer_t buffer)
+{
+    size_t nexts;
+    const struct gss_eap_extension_provider *exts;
+
+    if (CTX_IS_INITIATOR(ctx)) {
+        exts = eapGssAcceptExtensions;
+        nexts = sizeof(eapGssAcceptExtensions) / sizeof(eapGssAcceptExtensions[0]);
+    } else {
+        exts = eapGssInitExtensions;
+        nexts = sizeof(eapGssInitExtensions) / sizeof(eapGssInitExtensions[0]);
+    }
+
+    return verifyExtensions(minor, cred, ctx, exts, nexts, chanBindings, buffer);
+}
+
 static OM_uint32
 encodeExtensions(OM_uint32 *minor,
                  gss_buffer_set_t extensions,
@@ -337,8 +366,8 @@ encodeExtensions(OM_uint32 *minor,
      */
     buffer->value = GSSEAP_MALLOC(required ? required : 1);
     if (buffer->value == NULL) {
-        *minor = ENOMEM;
         major = GSS_S_FAILURE;
+        *minor = ENOMEM;
         goto cleanup;
     }
 
@@ -366,6 +395,9 @@ encodeExtensions(OM_uint32 *minor,
     assert(p == (unsigned char *)buffer->value + required);
     assert(buffer->value != NULL);
 
+    major = GSS_S_COMPLETE;
+    *minor = 0;
+
 cleanup:
     if (GSS_ERROR(major)) {
         gss_release_buffer(&tmpMinor, buffer);
@@ -407,14 +439,15 @@ decodeExtensions(OM_uint32 *minor,
 
         if (remain < 8) {
             major = GSS_S_DEFECTIVE_TOKEN;
+            *minor = GSSEAP_TOK_TRUNC;
             goto cleanup;
         }
 
         ntypes = GSSEAP_REALLOC(types,
                                 (extensions->count + 1) * sizeof(OM_uint32));
         if (ntypes == NULL) {
-            *minor = ENOMEM;
             major = GSS_S_FAILURE;
+            *minor = ENOMEM;
             goto cleanup;
         }
         types = ntypes;
@@ -424,6 +457,7 @@ decodeExtensions(OM_uint32 *minor,
 
         if (remain < 8 + extension.length) {
             major = GSS_S_DEFECTIVE_TOKEN;
+            *minor = GSSEAP_TOK_TRUNC;
             goto cleanup;
         }
         extension.value = &p[8];
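Review bot: The bound `remain < 8 + extension.length` can wrap when `extension.length` is close to the maximum of its type, in which case the check passes and `extension.value = &p[8]` is paired with a length larger than what is left of the token. How `extension.length` is loaded is outside the hunk, so this assumes it is a peer-supplied value; the exposure is mainly on builds where `size_t` is 32 bits. The previous hunk already rejects `remain < 8`, presumably in the same loop iteration, so the comparison can be written without the addition: `if (remain - 8 < extension.length) {`. The added `*minor = GSSEAP_TOK_TRUNC;` is fine as it stands.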
@@ -448,5 +482,3 @@ cleanup:
 
     return major;
 }
-
-