From: Luke Howard
Date: Thu, 10 Mar 2011 05:01:02 +0000 (+1100)
Subject: use directional GSS token types
X-Git-Tag: vm/20110310~3
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.orig;a=commitdiff_plain;h=9b28e5622c1cce8df025bb448eb0b717b8fa7bc0
use directional GSS token types
---
diff --git a/util.h b/util.h
index 6a6b912..2a3f66e 100644
--- a/util.h
+++ b/util.h
@@ -154,7 +154,8 @@ enum gss_eap_token_type {
 TOK_TYPE_EXPORT_NAME = 0x0401, /* RFC 2743 exported name */
 TOK_TYPE_EXPORT_NAME_COMPOSITE = 0x0402, /* exported composite name */
 TOK_TYPE_DELETE_CONTEXT = 0x0405, /* RFC 2743 delete context */
- TOK_TYPE_ESTABLISH_CONTEXT = 0x0601, /* establish context */
+ TOK_TYPE_INITIATOR_CONTEXT = 0x0601, /* initiator-sent context token */
+ TOK_TYPE_ACCEPTOR_CONTEXT = 0x0602, /* acceptor-sent context token */
 };
 /* inner token types and flags */
diff --git a/util_sm.c b/util_sm.c
index db28556..59d0679 100644
--- a/util_sm.c
+++ b/util_sm.c
@@ -208,6 +208,7 @@ gssEapSmStep(OM_uint32 *minor,
 unsigned int smFlags = 0;
 size_t i, j;
 int initialContextToken = 0;
+ enum gss_eap_token_type tokType;
 assert(smCount > 0);
@@ -217,14 +218,13 @@ gssEapSmStep(OM_uint32 *minor,
 outputToken->value = NULL;
 if (inputToken != GSS_C_NO_BUFFER && inputToken->length != 0) {
- enum gss_eap_token_type tokType;
-
 major = gssEapVerifyToken(minor, ctx, inputToken, &tokType, &unwrappedInputToken);
 if (GSS_ERROR(major)) goto cleanup;
- if (tokType != TOK_TYPE_ESTABLISH_CONTEXT) {
+ if (tokType != (CTX_IS_INITIATOR(ctx)
+ ? TOK_TYPE_ACCEPTOR_CONTEXT : TOK_TYPE_INITIATOR_CONTEXT)) {
 major = GSS_S_DEFECTIVE_TOKEN;
 *minor = GSSEAP_WRONG_TOK_ID;
 goto cleanup;
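Review bot: The two new enumerators in `enum gss_eap_token_type` (util.h, `@@ -154` hunk) say who sends each token but not why the split exists or what it costs on the wire. The acceptor now emits 0x0602 while the removed check accepted only 0x0601, so a peer built before this commit and one built after it will presumably fail context establishment with GSSEAP_WRONG_TOK_ID; that deserves a line in the commit message. I would also extend the comments, for example `/* initiator-sent context token; an initiator must never accept this type */`, so the intent (presumably that a token reflected back to its sender is rejected) survives later edits.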
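Review bot: The receive check in the `@@ -217` hunk of util_sm.c buries the expected type in a conditional expression inside the comparison, and the `@@ -383` hunk derives the complementary type again with a separate if/else, so the two halves of the direction rule can drift apart. Computing the expected type once would read better, e.g. `expectTokType = CTX_IS_INITIATOR(ctx) ? TOK_TYPE_ACCEPTOR_CONTEXT : TOK_TYPE_INITIATOR_CONTEXT;` placed next to the matching send-side assignment, with a comment such as `/* a token carrying our own direction's type was not produced by the peer */`. The `@@ -208` hunk also widens `tokType` to function scope without an initializer and the `@@ -383` hunk reuses it for the outgoing type; a separate, initialized variable for the outgoing type would keep the received value from being overwritten. gssEapSmStep starts and ends outside these hunks, so this is judged from the visible lines only.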
@@ -383,8 +383,13 @@ gssEapSmStep(OM_uint32 *minor,
 tmpMajor = gssEapEncodeInnerTokens(&tmpMinor, innerOutputTokens, outputTokenTypes, &unwrappedOutputToken);
 if (tmpMajor == GSS_S_COMPLETE) {
+ if (CTX_IS_INITIATOR(ctx))
+ tokType = TOK_TYPE_INITIATOR_CONTEXT;
+ else
+ tokType = TOK_TYPE_ACCEPTOR_CONTEXT;
+
 tmpMajor = gssEapMakeToken(&tmpMinor, ctx, &unwrappedOutputToken,
- TOK_TYPE_ESTABLISH_CONTEXT, outputToken);
+ tokType, outputToken);
 if (GSS_ERROR(tmpMajor)) {
 major = tmpMajor;
 *minor = tmpMinor;