projects / mech_eap.orig / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
HEADS UP: move dictionary file to $prefix/etc/raddb/dictionary
[mech_eap.orig] / accept_sec_context.c
diff --git a/accept_sec_context.c b/accept_sec_context.c
index 03b5692..5da5ea6 100644 (file)
--- a/accept_sec_context.c
+++ b/accept_sec_context.c
@@ -965,7 +965,8 @@ eapGssSmAcceptGssReauth(OM_uint32 *minor,
             GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_ESTABLISHED);
         }
         ctx->gssFlags = gssFlags;
-    } else if ((*smFlags & SM_FLAG_INPUT_TOKEN_CRITICAL) == 0) {
+    } else if (GSS_ERROR(major) &&
+        (*smFlags & SM_FLAG_INPUT_TOKEN_CRITICAL) == 0) {
         /* pretend reauthentication attempt never happened */
         gssDeleteSecContext(&tmpMinor, &ctx->kerberosCtx, GSS_C_NO_BUFFER);
         ctx->flags &= ~(CTX_FLAG_KRB_REAUTH);
Moonshot GSS-API mechanism