Merge branch 'master' of http://www.project-moonshot.org/git/moonshot

[moonshot.git] / moonshot / mech_eap / init_sec_context.c

diff --git a/moonshot/mech_eap/init_sec_context.c b/moonshot/mech_eap/init_sec_context.c
index 46e925e..e99b479 100644 (file)
--- a/moonshot/mech_eap/init_sec_context.c
+++ b/moonshot/mech_eap/init_sec_context.c
@@ -457,8 +457,10 @@ eapGssSmInitGssReauth(OM_uint32 *minor,
     gss_OID actualMech = GSS_C_NO_OID;
     OM_uint32 gssFlags, timeRec;
 
-    GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL);
-
+    /*
+     * Here we use the passed in credential handle because the resolved
+     * context credential does not currently have the reauth creds.
+     */
     if (GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_INITIAL) {
         if (!gssEapCanReauthP(cred, target, timeReq))
             return GSS_S_CONTINUE_NEEDED;
@@ -470,6 +472,8 @@ eapGssSmInitGssReauth(OM_uint32 *minor,
         goto cleanup;
     }
 
+    GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL);
+
     major = gssEapMechToGlueName(minor, target, &mechTarget);
     if (GSS_ERROR(major))
         goto cleanup;
@@ -961,6 +965,11 @@ gssEapInitSecContext(OM_uint32 *minor,
     OM_uint32 major, tmpMinor;
     int initialContextToken = (ctx->mechanismUsed == GSS_C_NO_OID);
 
+    /*
+     * XXX is acquiring the credential lock here necessary? The password is
+     * mutable but the contract could specify that this is not updated whilst
+     * a context is being initialized.
+     */
     if (cred != GSS_C_NO_CREDENTIAL)
         GSSEAP_MUTEX_LOCK(&cred->mutex);