
Merge branch 'master' of github.com:jbasney/mech_saml_ec

2 parents 5ea8f35 + f775d81 commit 57433cc0a88d21bd9ee4909a42be1a91b9a4b586 @jbasney jbasney committed May 10, 2012
Showing with 27 additions and 45 deletions.
  1. +25 −42 mech_saml_ec/accept_sec_context.c
  2. +1 −1 mech_saml_ec/util_context.c
  3. +1 −2 mech_saml_ec/util_oid.c
@@ -579,26 +579,11 @@ eapGssSmAcceptAuthenticate(OM_uint32 *minor,
rs_conn_destroy(ctx->acceptorCtx.radConn);
ctx->acceptorCtx.radConn = NULL;
}
-#else
- if (!strncmp(inputToken->value, "SAML_ASSERTION_TO_SP", strlen("SAML_ASSERTION_TO_SP")))
- {
- fprintf(stderr, "GSSAPI Acceptor: Received SAML_ASSERTION_TO_SP from initiator\n");
-
-
- /* TODO VSY: Need to set the following here:
- * ctx->mechanismUsed should already be set automatically
- * ctx->gssFlags
- * ctx->initiatorName
- * ctx->expiryTime (0 for indefinite)
- */
- }
-
- GSSEAP_SM_TRANSITION_NEXT(ctx);
-
- major = GSS_S_COMPLETE;
-#endif
return major;
+#else
+ return GSS_S_UNAVAILABLE;
+#endif
}
static OM_uint32
@@ -871,52 +856,50 @@ gssEapAcceptSecContext(OM_uint32 *minor,
if (initialContextToken) {
gss_buffer_desc innerToken = GSS_C_EMPTY_BUFFER;
+ // This sets ctx->mechanismUsed
major = gssEapVerifyToken(minor, ctx, input_token, NULL,
&innerToken);
- /* TODO innerToken must either be NULL or have meaningful content */
if (!GSS_ERROR(major)) {
GSSEAP_ASSERT(oidEqual(ctx->mechanismUsed, GSS_SAMLEC_MECHANISM));
+ /* innerToken must be empty */
+ GSSEAP_ASSERT(innerToken.length == 0);
+
saml_req = getSAMLRequest2();
- /* TODO VSY: we should really err out on saml_req being NULL */
- major = makeStringBuffer(minor, saml_req?:"", output_token);
- fprintf(stderr, "--- SENDING SAML_AUTHREQUEST: ---\n%s\n",
+ if (saml_req != NULL) {
+ major = makeStringBuffer(minor, saml_req?:"", output_token);
+ free(saml_req); saml_req = NULL;
+ } else
+ major = GSS_S_FAILURE;
+
+ if (!GSS_ERROR(major)) {
+ fprintf(stderr, "--- SENDING SAML_AUTHREQUEST: ---\n%s\n",
(char *)output_token->value);
- free(saml_req);
- saml_req = NULL;
- if (!GSS_ERROR(major))
major = GSS_S_CONTINUE_NEEDED;
+ }
}
} else {
- /* TODO: check for the real assertion here */
- if (!strncmp(input_token->value, "SAML_ASSERTION_TO_SP", strlen("SAML_ASSERTION_TO_SP")))
- {
- fprintf(stderr, "GSSAPI Acceptor: Received SAML_ASSERTION_TO_SP from initiator\n");
-
-
- /* TODO VSY: Need to set the following here:
- * ctx->mechanismUsed should already be set automatically
- * ctx->gssFlags
- * ctx->initiatorName
- * ctx->expiryTime (0 for indefinite)
- */
- }
// Allocate space for username string. MUST FREE LATER!!!
+ // TODO: have verifySAMLResponse allocate for username
char* username = calloc(128,sizeof(char));
int result = verifySAMLResponse((char*)input_token->value,
(int)input_token->length,
username);
- fprintf(stderr,"Username = '%s'\n",username);
- // May need to move this "free(username)" to later in the code
- free(username);
- /* ASSUME Assertion is Good for now !!! */
if (result) {
+ gss_buffer_desc buf = {0, NULL};
+ fprintf(stderr,"Username = '%s'\n",username);
+ major = makeStringBuffer(minor, username, &buf);
+ if (major == GSS_S_COMPLETE)
+ major = gss_import_name(minor, &buf, GSS_C_NT_USER_NAME,
+ &ctx->initiatorName);
major = GSS_S_COMPLETE;
} else {
major = GSS_S_FAILURE;
*minor = GSSEAP_PEER_AUTH_FAILURE;
}
+
+ free(username); username = NULL;
}
#endif
if (GSS_ERROR(major))
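Review bot: In the `if (result)` branch of gssEapAcceptSecContext the status returned by `makeStringBuffer` and `gss_import_name` is discarded, because the unconditional `major = GSS_S_COMPLETE;` that follows overwrites it; a failed name import would still complete the context with `ctx->initiatorName` unset. Drop that assignment so `major` carries the import result through to the `GSS_ERROR(major)` check. `buf` is also never released after the import; add `gss_release_buffer(&tmpMinor, &buf);` with a local `OM_uint32 tmpMinor`, assuming makeStringBuffer allocates, which is not visible here. Separately, `GSSEAP_ASSERT(innerToken.length == 0)` validates peer-supplied data with an assertion; returning an error status such as `GSS_S_DEFECTIVE_TOKEN` would also hold in builds where assertions are compiled out. The function starts and ends outside the hunk.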
@@ -69,7 +69,7 @@ gssEapAllocContext(OM_uint32 *minor,
*/
#ifndef MECH_EAP
/* VSY: Review the following; should we really be setting this always? */
- ctx->gssFlags = GSS_C_MUTUAL_FLAG; /* contexts */
+ ctx->gssFlags = 0 /* GSS_C_MUTUAL_FLAG */; /* contexts */
#else
ctx->gssFlags = GSS_C_TRANS_FLAG | /* exporting contexts */
GSS_C_INTEG_FLAG | /* integrity */
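Review bot: The non-EAP assignment `ctx->gssFlags = 0 /* GSS_C_MUTUAL_FLAG */; /* contexts */` leaves a commented-out flag and a trailing `/* contexts */` fragment that no longer describes anything, and the `VSY: Review` question above it stays unanswered. With the flags at 0, a caller that inspects the context flags presumably sees no mutual-authentication, integrity or confidentiality service, so the reason for advertising nothing should be written down. I would replace the line with `ctx->gssFlags = 0; /* SAML EC: no services advertised until the mechanism implements them */`, adjusting the wording to the actual intent. The `#else` assignment continues past the end of the hunk.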
@@ -166,8 +166,7 @@ fprintf(stderr, "COMPARING (%s) and (%s)\n", input_string->value, MECH_SAML_EC_S
if (!strncmp(input_string->value, MECH_SAML_EC_STRING, input_string->length
&& input_string->length == strlen(MECH_SAML_EC_STRING)))
{
- *output_oid = GSS_SAMLEC_MECHANISM;
- return GSS_S_COMPLETE;
+ return duplicateOid(minor_status, GSS_SAMLEC_MECHANISM, output_oid);
} else
return GSS_S_FAILURE;
}
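Review bot: The length test in the `if` sits inside the `strncmp` call: the closing parenthesis after `strlen(MECH_SAML_EC_STRING)` makes `input_string->length && input_string->length == strlen(...)` the third argument, so the compare count is only ever 0 or 1. A count of 0 makes `strncmp` return 0, so an empty string or any string whose length differs from the mechanism string is treated as a match and now receives a duplicated `GSS_SAMLEC_MECHANISM` OID. Move the parenthesis so the length is checked first: `if (input_string->length == strlen(MECH_SAML_EC_STRING) && !strncmp(input_string->value, MECH_SAML_EC_STRING, input_string->length))`. The function begins outside the hunk.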
