/**
 * Create a libradsec context and load its configuration file.
 *
 * The configuration path is RS_CONFIG_FILE unless the credential carries its
 * own radiusConfigFile value, which then takes precedence.
 *
 * @param minor        Receives the mechanism-specific status: 0 on success,
 *                     GSSEAP_RADSEC_CONTEXT_FAILURE when the context cannot be
 *                     created, otherwise whatever gssEapRadiusMapError() sets.
 * @param cred         Credential consulted for a configuration file override.
 *                     It is dereferenced unconditionally, so it must not be
 *                     GSS_C_NO_CREDENTIAL.
 * @param pRadContext  Receives the new context on success. It is set to NULL
 *                     on entry and stays NULL on every failure path.
 *
 * @return GSS_S_COMPLETE on success, GSS_S_FAILURE when the context cannot be
 *         created, or the major status produced by gssEapRadiusMapError()
 *         when the configuration cannot be read.
 */
OM_uint32
gssEapCreateRadiusContext(OM_uint32 *minor,
                          gss_cred_id_t cred,
                          struct rs_context **pRadContext)
{
    struct rs_context *rsCtx;
    struct rs_alloc_scheme allocScheme;
    const char *configPath;

    *pRadContext = NULL;

    if (rs_context_create(&rsCtx) != 0) {
        *minor = GSSEAP_RADSEC_CONTEXT_FAILURE;
        return GSS_S_FAILURE;
    }

    /*
     * A per-credential configuration file overrides the built-in default.
     * NOTE(review): the buffer's value is used as a C string and its length
     * field is not consulted here, so this assumes the value is
     * NUL-terminated -- confirm where radiusConfigFile is populated.
     * NOTE(review): the path is passed to the parser as-is; confirm that
     * whoever can set radiusConfigFile is trusted to choose the file.
     */
    configPath = (cred->radiusConfigFile.value != NULL)
        ? (const char *)cred->radiusConfigFile.value
        : RS_CONFIG_FILE;

    /* Route libradsec allocations through the mechanism's allocator macros. */
    allocScheme.calloc  = GSSEAP_CALLOC;
    allocScheme.malloc  = GSSEAP_MALLOC;
    allocScheme.free    = GSSEAP_FREE;
    allocScheme.realloc = GSSEAP_REALLOC;

    rs_context_set_alloc_scheme(rsCtx, &allocScheme);

    if (rs_context_read_config(rsCtx, configPath) != 0) {
        /* Pop the error before the context that owns it is destroyed. */
        struct rs_error *rsErr = rs_err_ctx_pop(rsCtx);
        OM_uint32 status = gssEapRadiusMapError(minor, rsErr);

        rs_context_destroy(rsCtx);
        return status;
    }

    *pRadContext = rsCtx;
    *minor = 0;
    return GSS_S_COMPLETE;
}
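/**
 * Acquire an EAP mechanism credential.
 *
 * Allocates a credential, records the requested usage in its flags, validates
 * and copies the desired mechanism set, and copies the desired name when one
 * is supplied. In acceptor builds with MECH_EAP, a credential usable for
 * accepting must also be able to create a RADIUS context.
 *
 * @param minor         Receives the mechanism-specific status code.
 * @param desiredName   Name to copy into the credential, or GSS_C_NO_NAME.
 * @param timeReq       Unused.
 * @param desiredMechs  Mechanism set; checked by gssEapValidateMechs() and
 *                      then duplicated into the credential.
 * @param credUsage     GSS_C_BOTH, GSS_C_INITIATE or GSS_C_ACCEPT. Any other
 *                      value fails with GSS_S_FAILURE / GSSEAP_BAD_USAGE.
 * @param pCred         Receives the new credential on success; it is set to
 *                      GSS_C_NO_CREDENTIAL on entry and stays so on failure.
 * @param pActualMechs  Optional; receives a copy of the credential's
 *                      mechanism set.
 * @param timeRec       Optional; set to GSS_C_INDEFINITE.
 *
 * @return GSS_S_COMPLETE on success, otherwise the major status of the step
 *         that failed. On failure the partially built credential is released.
 */
OM_uint32
gssEapAcquireCred(OM_uint32 *minor,
                  const gss_name_t desiredName,
                  OM_uint32 timeReq GSSEAP_UNUSED,
                  const gss_OID_set desiredMechs,
                  int credUsage,
                  gss_cred_id_t *pCred,
                  gss_OID_set *pActualMechs,
                  OM_uint32 *timeRec)
{
    OM_uint32 major, tmpMinor;
    /*
     * Start from a known value: the cleanup path hands &cred to
     * gssEapReleaseCred() even when gssEapAllocCred() itself failed, and
     * nothing visible here guarantees that a failed allocation writes to it.
     * NOTE(review): assumes gssEapReleaseCred() accepts GSS_C_NO_CREDENTIAL.
     */
    gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;

    /* XXX TODO validate with changed set_cred_option API */
    *pCred = GSS_C_NO_CREDENTIAL;

    major = gssEapAllocCred(minor, &cred);
    if (GSS_ERROR(major))
        goto cleanup;

    switch (credUsage) {
    case GSS_C_BOTH:
        cred->flags |= CRED_FLAG_INITIATE | CRED_FLAG_ACCEPT;
        break;
    case GSS_C_INITIATE:
        cred->flags |= CRED_FLAG_INITIATE;
        break;
    case GSS_C_ACCEPT:
        cred->flags |= CRED_FLAG_ACCEPT;
        break;
    default:
        major = GSS_S_FAILURE;
        *minor = GSSEAP_BAD_USAGE;
        goto cleanup;
    }

    major = gssEapValidateMechs(minor, desiredMechs);
    if (GSS_ERROR(major))
        goto cleanup;

    major = duplicateOidSet(minor, desiredMechs, &cred->mechanisms);
    if (GSS_ERROR(major))
        goto cleanup;

    if (desiredName != GSS_C_NO_NAME) {
        /* Hold the name's mutex only for the duration of the copy. */
        GSSEAP_MUTEX_LOCK(&desiredName->mutex);
        major = gssEapDuplicateName(minor, desiredName, &cred->name);
        GSSEAP_MUTEX_UNLOCK(&desiredName->mutex);

        if (GSS_ERROR(major))
            goto cleanup;
    }

#ifdef GSSEAP_ENABLE_ACCEPTOR
    if (cred->flags & CRED_FLAG_ACCEPT) {
#ifdef MECH_EAP
        struct rs_context *radContext;

        /*
         * The context is created and destroyed straight away; only the
         * success or failure of creating it is used here (presumably an
         * early check that the RADIUS configuration loads).
         */
        major = gssEapCreateRadiusContext(minor, cred, &radContext);
        if (GSS_ERROR(major))
            goto cleanup;

        rs_context_destroy(radContext);
#endif
    }
#endif

    if (pActualMechs != NULL) {
        major = duplicateOidSet(minor, cred->mechanisms, pActualMechs);
        if (GSS_ERROR(major))
            goto cleanup;
    }

    if (timeRec != NULL)
        *timeRec = GSS_C_INDEFINITE;

    *pCred = cred;

    major = GSS_S_COMPLETE;
    *minor = 0;

cleanup:
    /* tmpMinor keeps the release from overwriting the caller's minor status. */
    if (GSS_ERROR(major))
        gssEapReleaseCred(&tmpMinor, &cred);

    return major;
}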