/*
* Mark an acceptor context as ready for cryptographic operations
*/
static OM_uint32
acceptReadyEap(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred)
{
OM_uint32 major, tmpMinor;
rs_const_avp *vp;
gss_buffer_desc nameBuf = GSS_C_EMPTY_BUFFER;
/* Cache encryption type derived from selected mechanism OID */
major = gssEapOidToEnctype(minor, ctx->mechanismUsed,
&ctx->encryptionType);
if (GSS_ERROR(major))
return major;
gssEapReleaseName(&tmpMinor, &ctx->initiatorName);
major = gssEapRadiusGetRawAvp(minor, ctx->acceptorCtx.vps,
PW_USER_NAME, 0, &vp);
if (major == GSS_S_COMPLETE && rs_avp_length(vp) != 0) {
rs_avp_octets_value_byref((rs_avp *)vp,
(unsigned char **)&nameBuf.value,
&nameBuf.length);
} else {
ctx->gssFlags |= GSS_C_ANON_FLAG;
}
major = gssEapImportName(minor, &nameBuf,
(ctx->gssFlags & GSS_C_ANON_FLAG) ?
GSS_C_NT_ANONYMOUS : GSS_C_NT_USER_NAME,
ctx->mechanismUsed,
&ctx->initiatorName);
if (GSS_ERROR(major))
return major;
major = gssEapRadiusGetRawAvp(minor, ctx->acceptorCtx.vps,
PW_MS_MPPE_SEND_KEY, VENDORPEC_MICROSOFT, &vp);
if (GSS_ERROR(major)) {
*minor = GSSEAP_KEY_UNAVAILABLE;
return GSS_S_UNAVAILABLE;
}
major = gssEapDeriveRfc3961Key(minor,
rs_avp_octets_value_const_ptr(vp),
rs_avp_length(vp),
ctx->encryptionType,
&ctx->rfc3961Key);
if (GSS_ERROR(major))
return major;
major = rfc3961ChecksumTypeForKey(minor, &ctx->rfc3961Key,
&ctx->checksumType);
if (GSS_ERROR(major))
return major;
major = sequenceInit(minor,
&ctx->seqState, ctx->recvSeq,
((ctx->gssFlags & GSS_C_REPLAY_FLAG) != 0),
((ctx->gssFlags & GSS_C_SEQUENCE_FLAG) != 0),
TRUE);
if (GSS_ERROR(major))
return major;
major = gssEapCreateAttrContext(minor, cred, ctx,
&ctx->initiatorName->attrCtx,
&ctx->expiryTime);
if (GSS_ERROR(major))
return major;
if (ctx->expiryTime != 0 && ctx->expiryTime < time(NULL)) {
*minor = GSSEAP_CRED_EXPIRED;
return GSS_S_CREDENTIALS_EXPIRED;
}
*minor = 0;
return GSS_S_COMPLETE;
}
bool
gss_eap_radius_attr_provider::getAttribute(const gss_eap_attrid &attrid,
int *authenticated,
int *complete,
gss_buffer_t value,
gss_buffer_t display_value,
int *more) const
{
rs_const_avp *vp;
int i = *more, count = 0;
*more = 0;
if (i == -1)
i = 0;
if (isSecretAttributeP(attrid) ||
isInternalAttributeP(attrid)) {
return false;
} else if (isFragmentedAttributeP(attrid)) {
return getFragmentedAttribute(attrid,
authenticated,
complete,
value);
}
for (vp = rs_avp_find_const(m_vps, attrid.second, attrid.first);
vp != NULL;
vp = rs_avp_find_const(rs_avp_next_const(vp), attrid.second, attrid.first)) {
if (count++ == i) {
if (rs_avp_find_const(rs_avp_next_const(vp), attrid.second, attrid.first) != NULL)
*more = count;
break;
}
}
if (vp == NULL && *more == 0)
return false;
if (value != GSS_C_NO_BUFFER) {
gss_buffer_desc valueBuf;
rs_avp_octets_value_byref((rs_avp *)vp,
(unsigned char **)&valueBuf.value,
&valueBuf.length);
duplicateBuffer(valueBuf, value);
}
if (display_value != GSS_C_NO_BUFFER &&
!rs_avp_is_octets(vp)) {
char displayString[RS_MAX_STRING_LEN];
gss_buffer_desc displayBuf;
displayBuf.length = rs_avp_display_value(vp, displayString,
sizeof(displayString));
displayBuf.value = (void *)displayString;
duplicateBuffer(displayBuf, display_value);
}
if (authenticated != NULL)
*authenticated = m_authenticated;
if (complete != NULL)
*complete = true;
return true;
}
