{
struct eap_config eapConfig;
+#ifdef GSSEAP_ENABLE_REAUTH
if (GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_REAUTHENTICATE) {
OM_uint32 tmpMinor;
gssDeleteSecContext(&tmpMinor, &ctx->kerberosCtx, GSS_C_NO_BUFFER);
ctx->flags &= ~(CTX_FLAG_KRB_REAUTH);
GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_INITIAL);
- *smFlags |= SM_FLAG_RESTART;
- } else {
+ } else
+#endif
*smFlags |= SM_FLAG_FORCE_SEND_TOKEN;
- }
assert((ctx->flags & CTX_FLAG_KRB_REAUTH) == 0);
assert(inputToken == GSS_C_NO_BUFFER);
major = tmpMajor;
*minor = tmpMinor;
}
+
+ *smFlags |= SM_FLAG_OUTPUT_TOKEN_CRITICAL;
}
wpabuf_set(&ctx->initiatorCtx.reqData, NULL, 0);
assert(outputToken->value != NULL);
*minor = 0;
+ *smFlags |= SM_FLAG_OUTPUT_TOKEN_CRITICAL;
+
return GSS_S_CONTINUE_NEEDED;
}
ITOK_TYPE_CONTEXT_ERR,
ITOK_TYPE_NONE,
GSSEAP_STATE_ALL & ~(GSSEAP_STATE_INITIAL),
- SM_ITOK_FLAG_CRITICAL,
+ 0,
eapGssSmInitError
},
{
{
ITOK_TYPE_NONE,
ITOK_TYPE_NONE,
- GSSEAP_STATE_INITIAL | GSSEAP_STATE_REAUTHENTICATE,
- SM_ITOK_FLAG_CRITICAL | SM_ITOK_FLAG_REQUIRED,
+#ifdef GSSEAP_ENABLE_REAUTH
+ GSSEAP_STATE_REAUTHENTICATE |
+#endif
+ GSSEAP_STATE_INITIAL,
+ SM_ITOK_FLAG_REQUIRED,
eapGssSmInitIdentity
},
{
ITOK_TYPE_EAP_REQ,
ITOK_TYPE_EAP_RESP,
GSSEAP_STATE_AUTHENTICATE,
- SM_ITOK_FLAG_CRITICAL | SM_ITOK_FLAG_REQUIRED,
+ SM_ITOK_FLAG_REQUIRED,
eapGssSmInitAuthenticate
},
{
ITOK_TYPE_NONE,
ITOK_TYPE_GSS_CHANNEL_BINDINGS,
GSSEAP_STATE_INITIATOR_EXTS,
- SM_ITOK_FLAG_CRITICAL | SM_ITOK_FLAG_REQUIRED,
+ SM_ITOK_FLAG_REQUIRED,
eapGssSmInitGssChannelBindings
},
{