krb5_principal krbPrinc;
struct rs_context *rc = ctx->acceptorCtx.radContext;
- assert(rc != NULL);
+ GSSEAP_ASSERT(rc != NULL);
if (ctx->acceptorName == GSS_C_NO_NAME) {
*minor = 0;
GSSEAP_KRB_INIT(&krbContext);
krbPrinc = ctx->acceptorName->krbPrincipal;
- assert(krbPrinc != NULL);
- assert(KRB_PRINC_LENGTH(krbPrinc) >= 2);
+ GSSEAP_ASSERT(krbPrinc != NULL);
+ GSSEAP_ASSERT(KRB_PRINC_LENGTH(krbPrinc) >= 2);
/* Acceptor-Service-Name */
krbPrincComponentToGssBuffer(krbPrinc, 0, &nameBuf);
gss_ctx_id_t ctx)
{
struct gss_eap_acceptor_ctx *actx = &ctx->acceptorCtx;
- const char *configFile = RS_CONFIG_FILE;
- const char *configStanza = "gss-eap";
- struct rs_alloc_scheme ralloc;
struct rs_error *err;
+ const char *configStanza = "gss-eap";
+ OM_uint32 major;
- assert(actx->radContext == NULL);
- assert(actx->radConn == NULL);
+ GSSEAP_ASSERT(actx->radContext == NULL);
+ GSSEAP_ASSERT(actx->radConn == NULL);
+ GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL);
- if (rs_context_create(&actx->radContext) != 0) {
- *minor = GSSEAP_RADSEC_CONTEXT_FAILURE;
- return GSS_S_FAILURE;
- }
+ major = gssEapCreateRadiusContext(minor, cred, &actx->radContext);
+ if (GSS_ERROR(major))
+ return major;
- if (cred->radiusConfigFile.value != NULL)
- configFile = (const char *)cred->radiusConfigFile.value;
if (cred->radiusConfigStanza.value != NULL)
configStanza = (const char *)cred->radiusConfigStanza.value;
- ralloc.calloc = GSSEAP_CALLOC;
- ralloc.malloc = GSSEAP_MALLOC;
- ralloc.free = GSSEAP_FREE;
- ralloc.realloc = GSSEAP_REALLOC;
-
- rs_context_set_alloc_scheme(actx->radContext, &ralloc);
-
- if (rs_context_read_config(actx->radContext, configFile) != 0) {
- err = rs_err_ctx_pop(actx->radContext);
- goto fail;
- }
-
- if (rs_context_init_freeradius_dict(actx->radContext, NULL) != 0) {
- err = rs_err_ctx_pop(actx->radContext);
- goto fail;
- }
-
if (rs_conn_create(actx->radContext, &actx->radConn, configStanza) != 0) {
err = rs_err_conn_pop(actx->radConn);
- goto fail;
+ return gssEapRadiusMapError(minor, err);
}
if (actx->radServer != NULL) {
if (rs_conn_select_peer(actx->radConn, actx->radServer) != 0) {
err = rs_err_conn_pop(actx->radConn);
- goto fail;
+ return gssEapRadiusMapError(minor, err);
}
}
*minor = 0;
return GSS_S_COMPLETE;
-
-fail:
- return gssEapRadiusMapError(minor, err);
}
/*
goto cleanup;
}
- assert(resp != NULL);
+ GSSEAP_ASSERT(resp != NULL);
frresp = rs_packet_frpkt(resp);
switch (frresp->code) {
if (resp != NULL)
rs_packet_destroy(resp);
if (GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_INITIATOR_EXTS) {
- assert(major == GSS_S_CONTINUE_NEEDED);
+ GSSEAP_ASSERT(major == GSS_S_CONTINUE_NEEDED);
rs_conn_destroy(ctx->acceptorCtx.radConn);
ctx->acceptorCtx.radConn = NULL;
unsigned char *p;
OM_uint32 initiatorGssFlags;
- assert((ctx->flags & CTX_FLAG_KRB_REAUTH) == 0);
+ GSSEAP_ASSERT((ctx->flags & CTX_FLAG_KRB_REAUTH) == 0);
if (inputToken->length < 4) {
*minor = GSSEAP_TOK_TRUNC;
cred = ctx->cred;
}
- GSSEAP_MUTEX_LOCK(&cred->mutex);
+ /*
+ * Previously we acquired the credential mutex here, but it should not be
+ * necessary as the acceptor does not access any mutable elements of the
+ * credential handle.
+ */
/*
* Calling gssEapInquireCred() forces the default acceptor credential name
}
}
- assert(CTX_IS_ESTABLISHED(ctx) || major == GSS_S_CONTINUE_NEEDED);
+ GSSEAP_ASSERT(CTX_IS_ESTABLISHED(ctx) || major == GSS_S_CONTINUE_NEEDED);
cleanup:
- if (cred != GSS_C_NO_CREDENTIAL)
- GSSEAP_MUTEX_UNLOCK(&cred->mutex);
-
return major;
}