if (GSS_ERROR(major))
return major;
- if (ctx->expiryTime < time(NULL)) {
+ if (ctx->expiryTime != 0 && ctx->expiryTime < time(NULL)) {
*minor = GSSEAP_CRED_EXPIRED;
return GSS_S_CREDENTIALS_EXPIRED;
}
ctx->flags |= CTX_FLAG_KRB_REAUTH;
major = gssAcceptSecContext(minor,
- &ctx->kerberosCtx,
- cred->krbCred,
+ &ctx->reauthCtx,
+ cred->reauthCred,
inputToken,
chanBindings,
&krbInitiator,
} else if (GSS_ERROR(major) &&
(*smFlags & SM_FLAG_INPUT_TOKEN_CRITICAL) == 0) {
/* pretend reauthentication attempt never happened */
- gssDeleteSecContext(&tmpMinor, &ctx->kerberosCtx, GSS_C_NO_BUFFER);
+ gssDeleteSecContext(&tmpMinor, &ctx->reauthCtx, GSS_C_NO_BUFFER);
ctx->flags &= ~(CTX_FLAG_KRB_REAUTH);
GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_INITIAL);
major = GSS_S_CONTINUE_NEEDED;