if (GSS_ERROR(major))
return major;
- ctx->state = EAP_STATE_AUTHENTICATE;
+ ctx->state = GSSEAP_STATE_AUTHENTICATE;
*minor = 0;
return GSS_S_CONTINUE_NEEDED;
if (GSS_ERROR(major))
goto cleanup;
- ctx->state = EAP_STATE_EXTENSIONS_REQ;
+ ctx->state = GSSEAP_STATE_EXTENSIONS_REQ;
}
*minor = 0;
outputToken->length = 0;
outputToken->value = NULL;
- ctx->state = EAP_STATE_EXTENSIONS_RESP;
+ ctx->state = GSSEAP_STATE_EXTENSIONS_RESP;
*minor = 0;
return GSS_S_CONTINUE_NEEDED;
if (GSS_ERROR(major))
return major;
- ctx->state = EAP_STATE_ESTABLISHED;
+ ctx->state = GSSEAP_STATE_ESTABLISHED;
*minor = 0;
return GSS_S_COMPLETE;
* machine and process Kerberos GSS messages instead.
*/
if (tokType == TOK_TYPE_GSS_REAUTH && initialContextToken) {
- ctx->state = EAP_STATE_KRB_REAUTH_GSS;
+ ctx->state = GSSEAP_STATE_KRB_REAUTH;
} else
#endif
if (tokType != sm->inputTokenType) {
goto cleanup;
}
- sm = &eapGssAcceptorSm[EAP_STATE_ERROR];
+ sm = &eapGssAcceptorSm[GSSEAP_STATE_ERROR];
goto send_token;
}
} while (major == GSS_S_CONTINUE_NEEDED && innerOutputToken.length == 0);
}
}
- assert(ctx->state == EAP_STATE_ESTABLISHED || major == GSS_S_CONTINUE_NEEDED);
+ assert(ctx->state == GSSEAP_STATE_ESTABLISHED || major == GSS_S_CONTINUE_NEEDED);
send_token:
if (innerOutputToken.value != NULL) {
if (GSS_ERROR(major))
return major;
- ctx->state = EAP_STATE_ESTABLISHED;
+ ctx->state = GSSEAP_STATE_ESTABLISHED;
*minor = 0;
return GSS_S_COMPLETE;
gss_OID mech = GSS_C_NO_OID;
OM_uint32 gssFlags, timeRec = GSS_C_INDEFINITE;
- ctx->flags |= CTX_FLAG_KRB_REAUTH_GSS;
+ ctx->flags |= CTX_FLAG_KRB_REAUTH;
if (cred != GSS_C_NO_CREDENTIAL)
krbCred = cred->krbCred;
* contexts.
*/
if (!CTX_IS_INITIATOR(ctx) && !CTX_IS_ESTABLISHED(ctx)) {
- assert((ctx->flags & CTX_FLAG_KRB_REAUTH_GSS) == 0);
+ assert((ctx->flags & CTX_FLAG_KRB_REAUTH) == 0);
major = gssEapExportPartialContext(minor, ctx, &partialCtx);
if (GSS_ERROR(major))
};
#define CTX_FLAG_INITIATOR 0x00000001
-#define CTX_FLAG_KRB_REAUTH_GSS 0x00000002
+#define CTX_FLAG_KRB_REAUTH 0x00000002
#define CTX_IS_INITIATOR(ctx) (((ctx)->flags & CTX_FLAG_INITIATOR) != 0)
enum gss_eap_state {
- EAP_STATE_IDENTITY = 0,
- EAP_STATE_AUTHENTICATE,
- EAP_STATE_EXTENSIONS_REQ,
- EAP_STATE_EXTENSIONS_RESP,
- EAP_STATE_ESTABLISHED,
- EAP_STATE_ERROR,
+ GSSEAP_STATE_IDENTITY = 0,
+ GSSEAP_STATE_AUTHENTICATE,
+ GSSEAP_STATE_EXTENSIONS_REQ,
+ GSSEAP_STATE_EXTENSIONS_RESP,
+ GSSEAP_STATE_ESTABLISHED,
+ GSSEAP_STATE_ERROR,
#ifdef GSSEAP_ENABLE_REAUTH
- EAP_STATE_KRB_REAUTH_GSS
+ GSSEAP_STATE_KRB_REAUTH
#endif
};
-#define CTX_IS_ESTABLISHED(ctx) ((ctx)->state == EAP_STATE_ESTABLISHED)
+#define CTX_IS_ESTABLISHED(ctx) ((ctx)->state == GSSEAP_STATE_ESTABLISHED)
/* Initiator context flags */
#define CTX_FLAG_EAP_SUCCESS 0x00010000
remain -= 16;
/* Validate state */
- if (ctx->state < EAP_STATE_IDENTITY ||
- ctx->state > EAP_STATE_ESTABLISHED)
+ if (ctx->state < GSSEAP_STATE_IDENTITY ||
+ ctx->state > GSSEAP_STATE_ESTABLISHED)
return GSS_S_DEFECTIVE_TOKEN;
/* Only acceptor can export partial context tokens */
* acceptor contexts.
*/
if (!CTX_IS_INITIATOR(ctx) && !CTX_IS_ESTABLISHED(ctx)) {
- assert((ctx->flags & CTX_FLAG_KRB_REAUTH_GSS) == 0);
+ assert((ctx->flags & CTX_FLAG_KRB_REAUTH) == 0);
major = gssEapImportPartialContext(minor, &p, &remain, ctx);
if (GSS_ERROR(major))
if (GSS_ERROR(major))
return major;
- ctx->state = EAP_STATE_AUTHENTICATE;
+ ctx->state = GSSEAP_STATE_AUTHENTICATE;
*minor = 0;
return GSS_S_CONTINUE_NEEDED;
ctx->flags &= ~(CTX_FLAG_EAP_SUCCESS);
major = GSS_S_CONTINUE_NEEDED;
- ctx->state = EAP_STATE_EXTENSIONS_REQ;
+ ctx->state = GSSEAP_STATE_EXTENSIONS_REQ;
} else if (ctx->flags & CTX_FLAG_EAP_FAIL) {
major = GSS_S_DEFECTIVE_CREDENTIAL;
*minor = GSSEAP_PEER_AUTH_FAILURE;
assert(outputToken->value != NULL);
- ctx->state = EAP_STATE_EXTENSIONS_RESP;
+ ctx->state = GSSEAP_STATE_EXTENSIONS_RESP;
*minor = 0;
return GSS_S_CONTINUE_NEEDED;
if (GSS_ERROR(major))
return major;
- ctx->state = EAP_STATE_ESTABLISHED;
+ ctx->state = GSSEAP_STATE_ESTABLISHED;
*minor = 0;
return GSS_S_COMPLETE;
#ifdef GSSEAP_ENABLE_REAUTH
if (initialContextToken && gssEapCanReauthP(cred, target_name, time_req))
- ctx->state = EAP_STATE_KRB_REAUTH_GSS;
+ ctx->state = GSSEAP_STATE_KRB_REAUTH;
#endif
if ((cred->flags & CRED_FLAG_INITIATE) == 0) {
goto cleanup;
if (tokType == TOK_TYPE_CONTEXT_ERR) {
- ctx->state = EAP_STATE_ERROR;
+ ctx->state = GSSEAP_STATE_ERROR;
} else if (tokType != sm->inputTokenType) {
major = GSS_S_DEFECTIVE_TOKEN;
*minor = GSSEAP_WRONG_TOK_ID;
if (time_rec != NULL)
gssEapContextTime(&tmpMinor, ctx, time_rec);
- assert(ctx->state == EAP_STATE_ESTABLISHED || major == GSS_S_CONTINUE_NEEDED);
+ assert(ctx->state == GSSEAP_STATE_ESTABLISHED || major == GSS_S_CONTINUE_NEEDED);
cleanup:
if (cred != GSS_C_NO_CREDENTIAL)
assert(cred != GSS_C_NO_CREDENTIAL);
- ctx->flags |= CTX_FLAG_KRB_REAUTH_GSS;
+ ctx->flags |= CTX_FLAG_KRB_REAUTH;
if (inputToken->length == 0) {
major = initBegin(minor, cred, ctx, target, mech,
major = gssEapReauthComplete(minor, ctx, cred, actualMech, timeRec);
if (GSS_ERROR(major))
goto cleanup;
- ctx->state = EAP_STATE_ESTABLISHED;
+ ctx->state = GSSEAP_STATE_ESTABLISHED;
}
cleanup:
return GSS_S_FAILURE;
}
- ctx->state = EAP_STATE_IDENTITY;
+ ctx->state = GSSEAP_STATE_IDENTITY;
/*
* Integrity, confidentiality, sequencing and replay detection are
gssEapKerberosInit(&tmpMinor, &krbContext);
#ifdef GSSEAP_ENABLE_REAUTH
- if (ctx->flags & CTX_FLAG_KRB_REAUTH_GSS) {
+ if (ctx->flags & CTX_FLAG_KRB_REAUTH) {
gssDeleteSecContext(&tmpMinor, &ctx->kerberosCtx, GSS_C_NO_BUFFER);
} else
#endif
if (isAcceptor)
flags |= TOK_FLAG_SENDER_IS_ACCEPTOR;
- if ((ctx->flags & CTX_FLAG_KRB_REAUTH_GSS) &&
+ if ((ctx->flags & CTX_FLAG_KRB_REAUTH) &&
(ctx->gssFlags & GSS_C_MUTUAL_FLAG))
flags |= TOK_FLAG_ACCEPTOR_SUBKEY;