From 6af814ab7e9e74ac6176e7fc7d20cf9870704d44 Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Tue, 8 Mar 2011 18:02:55 +1100
Subject: [PATCH] cleanup TLV code

---
 accept_sec_context.c | 12 +++++++++---
 gssapiP_eap.h | 5 +++--
 init_sec_context.c | 32 +++++++++++++++++++-------------
 util_sm.c | 3 +++
 4 files changed, 34 insertions(+), 18 deletions(-)

diff --git a/accept_sec_context.c b/accept_sec_context.c
index 9983cad..ea7c50f 100644
--- a/accept_sec_context.c
+++ b/accept_sec_context.c
@@ -637,9 +637,15 @@ eapGssSmAcceptCompleteExts(OM_uint32 *minor,
 OM_uint32 *smFlags)
 {
 *minor = 0;
- *smFlags |= SM_FLAG_TRANSITION | SM_FLAG_STOP_EVAL;
- return (ctx->state == GSSEAP_STATE_INITIATOR_EXTS) ?
- GSS_S_CONTINUE_NEEDED : GSS_S_COMPLETE;
+
+ if (ctx->state == GSSEAP_STATE_INITIATOR_EXTS) {
+ *smFlags |= SM_FLAG_TRANSITION | SM_FLAG_STOP_EVAL;
+ return GSS_S_CONTINUE_NEEDED;
+ } else {
+ ctx->state = GSSEAP_STATE_ESTABLISHED;
+ *smFlags |= SM_FLAG_STOP_EVAL;
+ return GSS_S_COMPLETE;
+ }
 }
 
 static struct gss_eap_sm eapGssAcceptorSm[] = {
diff --git a/gssapiP_eap.h b/gssapiP_eap.h
index 71e697c..752311e 100644
--- a/gssapiP_eap.h
+++ b/gssapiP_eap.h
@@ -145,8 +145,9 @@ enum gss_eap_state {
 GSSEAP_STATE_AUTHENTICATE = 0x02, /* exchange EAP messages */
 GSSEAP_STATE_INITIATOR_EXTS = 0x04, /* initiator extensions */
 GSSEAP_STATE_ACCEPTOR_EXTS = 0x08, /* acceptor extensions */
- GSSEAP_STATE_ESTABLISHED = 0x10, /* context established */
- GSSEAP_STATE_ALL = 0x1F
+ GSSEAP_STATE_REAUTHENTICATE = 0x10, /* GSS reauthentication messages */
+ GSSEAP_STATE_ESTABLISHED = 0x20, /* context established */
+ GSSEAP_STATE_ALL = 0x3F
 };
 
 #define GSSEAP_STATE_NEXT(s) ((s) << 1)
diff --git a/init_sec_context.c b/init_sec_context.c
index e42d1f4..c565625 100644
--- a/init_sec_context.c
+++ b/init_sec_context.c
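Review bot: In eapGssSmAcceptCompleteExts (accept_sec_context.c) the new `else` branch sets `ctx->state = GSSEAP_STATE_ESTABLISHED` for every state other than GSSEAP_STATE_INITIATOR_EXTS, so the context is marked established on a catch-all rather than on the one state that should finish the exchange. The table entry that limits which states this handler runs in is outside the hunk, so the branch may be unreachable in other states today, but the authentication outcome then rests on a mask defined elsewhere. I would make the expectation explicit with `assert(ctx->state == GSSEAP_STATE_ACCEPTOR_EXTS);` ahead of the assignment, or test that state and return a failure status otherwise. eapGssSmInitCompleteExts in init_sec_context.c receives the identical branch and needs the same guard.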
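Review bot: Inserting GSSEAP_STATE_REAUTHENTICATE at 0x10 in gssapiP_eap.h changes what `GSSEAP_STATE_NEXT(GSSEAP_STATE_ACCEPTOR_EXTS)` evaluates to: the shift now yields REAUTHENTICATE instead of ESTABLISHED, and ESTABLISHED itself moves from 0x10 to 0x20. The two CompleteExts handlers in this patch now assign ESTABLISHED directly, presumably for this reason, but any other path that advances out of ACCEPTOR_EXTS by shifting, or that stores or compares the numeric state value, is outside this diff and should be checked. A comment above the macro would record the constraint, for example `/* NEXT() is a left shift: ACCEPTOR_EXTS << 1 is REAUTHENTICATE, not ESTABLISHED */`. The enum begins above the hunk, so its first members are not visible here.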
@@ -485,7 +485,7 @@ eapGssSmInitGssReauth(OM_uint32 *minor,
 goto cleanup;
 ctx->state = GSSEAP_STATE_ESTABLISHED;
 } else {
- *smFlags |= SM_FLAG_TRANSITION;
+ ctx->state = GSSEAP_STATE_REAUTHENTICATE;
 }
 
 cleanup:
@@ -719,9 +719,15 @@ eapGssSmInitCompleteExts(OM_uint32 *minor,
 OM_uint32 *smFlags)
 {
 *minor = 0;
- *smFlags |= SM_FLAG_TRANSITION | SM_FLAG_STOP_EVAL;
- return (ctx->state == GSSEAP_STATE_INITIATOR_EXTS) ?
- GSS_S_CONTINUE_NEEDED : GSS_S_COMPLETE;
+
+ if (ctx->state == GSSEAP_STATE_INITIATOR_EXTS) {
+ *smFlags |= SM_FLAG_TRANSITION | SM_FLAG_STOP_EVAL;
+ return GSS_S_CONTINUE_NEEDED;
+ } else {
+ ctx->state = GSSEAP_STATE_ESTABLISHED;
+ *smFlags |= SM_FLAG_STOP_EVAL;
+ return GSS_S_COMPLETE;
+ }
 }
 
 static struct gss_eap_sm eapGssInitiatorSm[] = {
@@ -732,15 +738,6 @@ static struct gss_eap_sm eapGssInitiatorSm[] = {
 SM_ITOK_FLAG_CRITICAL,
 eapGssSmInitError,
 },
-#ifdef GSSEAP_ENABLE_REAUTH
- {
- ITOK_TYPE_REAUTH_RESP,
- ITOK_TYPE_REAUTH_REQ,
- GSSEAP_STATE_INITIAL | GSSEAP_STATE_AUTHENTICATE,
- 0,
- eapGssSmInitGssReauth,
- },
-#endif
 #ifdef GSSEAP_DEBUG
 {
 ITOK_TYPE_NONE,
@@ -750,6 +747,15 @@ static struct gss_eap_sm eapGssInitiatorSm[] = {
 eapGssSmInitVendorInfo,
 },
 #endif
+#ifdef GSSEAP_ENABLE_REAUTH
+ {
+ ITOK_TYPE_REAUTH_RESP,
+ ITOK_TYPE_REAUTH_REQ,
+ GSSEAP_STATE_INITIAL | GSSEAP_STATE_REAUTHENTICATE,
+ 0,
+ eapGssSmInitGssReauth,
+ },
+#endif
 {
 ITOK_TYPE_NONE,
 ITOK_TYPE_NONE,
diff --git a/util_sm.c b/util_sm.c
index d47dca5..9b18ea3 100644
--- a/util_sm.c
+++ b/util_sm.c
@@ -54,6 +54,9 @@ gssEapStateToString(enum gss_eap_state state)
 case GSSEAP_STATE_ACCEPTOR_EXTS:
 s = "ACCEPTOR_EXTS";
 break;
+ case GSSEAP_STATE_REAUTHENTICATE:
+ s = "REAUTHENTICATE";
+ break;
 case GSSEAP_STATE_ESTABLISHED:
 s = "ESTABLISHED";
 break;
-- 
2.1.4
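Review bot: The reauthentication entry in eapGssInitiatorSm is the only handler in this diff whose state mask includes GSSEAP_STATE_REAUTHENTICATE, the state eapGssSmInitGssReauth now assigns in its `else` branch, and that entry exists only under GSSEAP_ENABLE_REAUTH. What happens to a context left in that state when the peer's reply carries no ITOK_TYPE_REAUTH_RESP token is not visible here, so the fall-back from an unfinished reauthentication to full EAP authentication should be confirmed rather than assumed. The entry also moves below the GSSEAP_DEBUG vendor-info entry, which the commit message does not mention; if table order decides evaluation order, a comment on the entry such as `/* sole handler for GSSEAP_STATE_REAUTHENTICATE; placed after vendor info on purpose */` would record it. Both eapGssSmInitGssReauth and the table extend beyond the hunks shown.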