ctx->acceptorCtx.vps = frresp->vps;
frresp->vps = NULL;
- rs_conn_destroy(ctx->acceptorCtx.radConn);
- ctx->acceptorCtx.radConn = NULL;
-
major = acceptReadyEap(minor, ctx, cred);
if (GSS_ERROR(major))
goto cleanup;
rs_request_destroy(request);
if (req != NULL)
rs_packet_destroy(req);
+ if (resp != NULL)
+ rs_packet_destroy(resp);
+ if (GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_INITIATOR_EXTS) {
+ assert(major == GSS_S_CONTINUE_NEEDED);
+
+ rs_conn_destroy(ctx->acceptorCtx.radConn);
+ ctx->acceptorCtx.radConn = NULL;
+ }
return major;
}
major = gssEapUnwrapOrVerifyMIC(minor, ctx, NULL, NULL,
iov, 2, TOK_TYPE_WRAP);
if (GSS_ERROR(major))
- return GSS_S_BAD_BINDINGS;
+ return major;
if (chanBindings != GSS_C_NO_CHANNEL_BINDINGS &&
!bufferEqual(&iov[0].buffer, &chanBindings->application_data)) {
GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_ESTABLISHED);
}
ctx->gssFlags = gssFlags;
- } else if ((*smFlags & SM_FLAG_INPUT_TOKEN_CRITICAL) == 0) {
+ } else if (GSS_ERROR(major) &&
+ (*smFlags & SM_FLAG_INPUT_TOKEN_CRITICAL) == 0) {
/* pretend reauthentication attempt never happened */
gssDeleteSecContext(&tmpMinor, &ctx->kerberosCtx, GSS_C_NO_BUFFER);
ctx->flags &= ~(CTX_FLAG_KRB_REAUTH);
GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_INITIAL);
- *smFlags |= SM_FLAG_RESTART;
major = GSS_S_CONTINUE_NEEDED;
}