projects
/
moonshot.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge branch 'master' into tlv-mic
[moonshot.git]
/
mech_eap
/
accept_sec_context.c
diff --git
a/mech_eap/accept_sec_context.c
b/mech_eap/accept_sec_context.c
index
bac9130
..
081cca8
100644
(file)
--- a/
mech_eap/accept_sec_context.c
+++ b/
mech_eap/accept_sec_context.c
@@
-72,7
+72,7
@@
acceptReadyEap(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred)
major = gssEapRadiusGetRawAvp(minor, ctx->acceptorCtx.vps,
PW_USER_NAME, 0, &vp);
major = gssEapRadiusGetRawAvp(minor, ctx->acceptorCtx.vps,
PW_USER_NAME, 0, &vp);
- if (major == GSS_S_COMPLETE) {
+ if (major == GSS_S_COMPLETE
&& vp->length
) {
nameBuf.length = vp->length;
nameBuf.value = vp->vp_strvalue;
} else {
nameBuf.length = vp->length;
nameBuf.value = vp->vp_strvalue;
} else {
@@
-121,6
+121,11
@@
acceptReadyEap(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred)
if (GSS_ERROR(major))
return major;
if (GSS_ERROR(major))
return major;
+ if (ctx->expiryTime != 0 && ctx->expiryTime < time(NULL)) {
+ *minor = GSSEAP_CRED_EXPIRED;
+ return GSS_S_CREDENTIALS_EXPIRED;
+ }
+
*minor = 0;
return GSS_S_COMPLETE;
}
*minor = 0;
return GSS_S_COMPLETE;
}
@@
-1093,7
+1098,7
@@
eapGssSmAcceptGssReauth(OM_uint32 *minor,
return major;
major = gssAcceptSecContext(minor,
return major;
major = gssAcceptSecContext(minor,
- &ctx->
kerberos
Ctx,
+ &ctx->
reauth
Ctx,
cred->krbCred,
inputToken,
&wireChanBindings,
cred->krbCred,
inputToken,
&wireChanBindings,
@@
-1114,7
+1119,7
@@
eapGssSmAcceptGssReauth(OM_uint32 *minor,
} else if (GSS_ERROR(major) &&
(*smFlags & SM_FLAG_INPUT_TOKEN_CRITICAL) == 0) {
/* Fall back to EAP */
} else if (GSS_ERROR(major) &&
(*smFlags & SM_FLAG_INPUT_TOKEN_CRITICAL) == 0) {
/* Fall back to EAP */
- gssDeleteSecContext(&tmpMinor, &ctx->
kerberos
Ctx, GSS_C_NO_BUFFER);
+ gssDeleteSecContext(&tmpMinor, &ctx->
reauth
Ctx, GSS_C_NO_BUFFER);
ctx->flags &= ~(CTX_FLAG_KRB_REAUTH);
GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_INITIAL);
} else {
ctx->flags &= ~(CTX_FLAG_KRB_REAUTH);
GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_INITIAL);
} else {