struct eap_config eapConfig;
if (GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_REAUTHENTICATE) {
+ OM_uint32 tmpMinor;
+
/* server didn't support reauthentication, sent EAP request */
- GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_INITIAL);
+ gssDeleteSecContext(&tmpMinor, &ctx->kerberosCtx, GSS_C_NO_BUFFER);
ctx->flags &= ~(CTX_FLAG_KRB_REAUTH);
- *smFlags |= SM_FLAG_RESTART;
+ GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_INITIAL);
} else {
*smFlags |= SM_FLAG_FORCE_SEND_TOKEN;
}
major = tmpMajor;
*minor = tmpMinor;
}
+
+ *smFlags |= SM_FLAG_OUTPUT_TOKEN_CRITICAL;
}
wpabuf_set(&ctx->initiatorCtx.reqData, NULL, 0);
assert(outputToken->value != NULL);
*minor = 0;
+ *smFlags |= SM_FLAG_OUTPUT_TOKEN_CRITICAL;
+
return GSS_S_CONTINUE_NEEDED;
}
ITOK_TYPE_CONTEXT_ERR,
ITOK_TYPE_NONE,
GSSEAP_STATE_ALL & ~(GSSEAP_STATE_INITIAL),
- SM_ITOK_FLAG_CRITICAL,
+ 0,
eapGssSmInitError
},
{
ITOK_TYPE_NONE,
ITOK_TYPE_NONE,
GSSEAP_STATE_INITIAL | GSSEAP_STATE_REAUTHENTICATE,
- SM_ITOK_FLAG_CRITICAL | SM_ITOK_FLAG_REQUIRED,
+ SM_ITOK_FLAG_REQUIRED,
eapGssSmInitIdentity
},
{
ITOK_TYPE_EAP_REQ,
ITOK_TYPE_EAP_RESP,
GSSEAP_STATE_AUTHENTICATE,
- SM_ITOK_FLAG_CRITICAL | SM_ITOK_FLAG_REQUIRED,
+ SM_ITOK_FLAG_REQUIRED,
eapGssSmInitAuthenticate
},
{
ITOK_TYPE_NONE,
ITOK_TYPE_GSS_CHANNEL_BINDINGS,
GSSEAP_STATE_INITIATOR_EXTS,
- SM_ITOK_FLAG_CRITICAL | SM_ITOK_FLAG_REQUIRED,
+ SM_ITOK_FLAG_REQUIRED,
eapGssSmInitGssChannelBindings
},
{