/* * Mark an acceptor context as ready for cryptographic operations */ static OM_uint32 acceptReadyEap(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred) { OM_uint32 major, tmpMinor; rs_const_avp *vp; gss_buffer_desc nameBuf = GSS_C_EMPTY_BUFFER; /* Cache encryption type derived from selected mechanism OID */ major = gssEapOidToEnctype(minor, ctx->mechanismUsed, &ctx->encryptionType); if (GSS_ERROR(major)) return major; gssEapReleaseName(&tmpMinor, &ctx->initiatorName); major = gssEapRadiusGetRawAvp(minor, ctx->acceptorCtx.vps, PW_USER_NAME, 0, &vp); if (major == GSS_S_COMPLETE && rs_avp_length(vp) != 0) { rs_avp_octets_value_byref((rs_avp *)vp, (unsigned char **)&nameBuf.value, &nameBuf.length); } else { ctx->gssFlags |= GSS_C_ANON_FLAG; } major = gssEapImportName(minor, &nameBuf, (ctx->gssFlags & GSS_C_ANON_FLAG) ? GSS_C_NT_ANONYMOUS : GSS_C_NT_USER_NAME, ctx->mechanismUsed, &ctx->initiatorName); if (GSS_ERROR(major)) return major; major = gssEapRadiusGetRawAvp(minor, ctx->acceptorCtx.vps, PW_MS_MPPE_SEND_KEY, VENDORPEC_MICROSOFT, &vp); if (GSS_ERROR(major)) { *minor = GSSEAP_KEY_UNAVAILABLE; return GSS_S_UNAVAILABLE; } major = gssEapDeriveRfc3961Key(minor, rs_avp_octets_value_const_ptr(vp), rs_avp_length(vp), ctx->encryptionType, &ctx->rfc3961Key); if (GSS_ERROR(major)) return major; major = rfc3961ChecksumTypeForKey(minor, &ctx->rfc3961Key, &ctx->checksumType); if (GSS_ERROR(major)) return major; major = sequenceInit(minor, &ctx->seqState, ctx->recvSeq, ((ctx->gssFlags & GSS_C_REPLAY_FLAG) != 0), ((ctx->gssFlags & GSS_C_SEQUENCE_FLAG) != 0), TRUE); if (GSS_ERROR(major)) return major; major = gssEapCreateAttrContext(minor, cred, ctx, &ctx->initiatorName->attrCtx, &ctx->expiryTime); if (GSS_ERROR(major)) return major; if (ctx->expiryTime != 0 && ctx->expiryTime < time(NULL)) { *minor = GSSEAP_CRED_EXPIRED; return GSS_S_CREDENTIALS_EXPIRED; } *minor = 0; return GSS_S_COMPLETE; }
bool gss_eap_radius_attr_provider::getAttribute(const gss_eap_attrid &attrid, int *authenticated, int *complete, gss_buffer_t value, gss_buffer_t display_value, int *more) const { rs_const_avp *vp; int i = *more, count = 0; *more = 0; if (i == -1) i = 0; if (isSecretAttributeP(attrid) || isInternalAttributeP(attrid)) { return false; } else if (isFragmentedAttributeP(attrid)) { return getFragmentedAttribute(attrid, authenticated, complete, value); } for (vp = rs_avp_find_const(m_vps, attrid.second, attrid.first); vp != NULL; vp = rs_avp_find_const(rs_avp_next_const(vp), attrid.second, attrid.first)) { if (count++ == i) { if (rs_avp_find_const(rs_avp_next_const(vp), attrid.second, attrid.first) != NULL) *more = count; break; } } if (vp == NULL && *more == 0) return false; if (value != GSS_C_NO_BUFFER) { gss_buffer_desc valueBuf; rs_avp_octets_value_byref((rs_avp *)vp, (unsigned char **)&valueBuf.value, &valueBuf.length); duplicateBuffer(valueBuf, value); } if (display_value != GSS_C_NO_BUFFER && !rs_avp_is_octets(vp)) { char displayString[RS_MAX_STRING_LEN]; gss_buffer_desc displayBuf; displayBuf.length = rs_avp_display_value(vp, displayString, sizeof(displayString)); displayBuf.value = (void *)displayString; duplicateBuffer(displayBuf, display_value); } if (authenticated != NULL) *authenticated = m_authenticated; if (complete != NULL) *complete = true; return true; }