X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=mech_eap%2Futil_sm.c;h=ca699233ae7aff6e5d5b92d320636b893a4dde3b;hb=refs%2Fheads%2Fjson-name;hp=de730ceacacbf5da6da7c1218dfbce2abba64691;hpb=424a82f7527b6bd51789aa58ae71fbfd92764f90;p=moonshot.git
diff --git a/mech_eap/util_sm.c b/mech_eap/util_sm.c
index de730ce..ca69923 100644
--- a/mech_eap/util_sm.c
+++ b/mech_eap/util_sm.c
@@ -64,9 +64,11 @@ gssEapStateToString(enum gss_eap_state state)
 case GSSEAP_STATE_ACCEPTOR_EXTS:
 s = "ACCEPTOR_EXTS";
 break;
+#ifdef GSSEAP_ENABLE_REAUTH
 case GSSEAP_STATE_REAUTHENTICATE:
 s = "REAUTHENTICATE";
 break;
+#endif
 case GSSEAP_STATE_ESTABLISHED:
 s = "ESTABLISHED";
 break;
@@ -208,6 +210,7 @@ gssEapSmStep(OM_uint32 *minor,
 unsigned int smFlags = 0;
 size_t i, j;
 int initialContextToken = 0;
+ enum gss_eap_token_type tokType;
 assert(smCount > 0);
@@ -217,14 +220,13 @@ gssEapSmStep(OM_uint32 *minor,
 outputToken->value = NULL;
 if (inputToken != GSS_C_NO_BUFFER && inputToken->length != 0) {
- enum gss_eap_token_type tokType;
-
 major = gssEapVerifyToken(minor, ctx, inputToken, &tokType, &unwrappedInputToken);
 if (GSS_ERROR(major))
 goto cleanup;
- if (tokType != TOK_TYPE_ESTABLISH_CONTEXT) {
+ if (tokType != (CTX_IS_INITIATOR(ctx)
+ ? TOK_TYPE_ACCEPTOR_CONTEXT : TOK_TYPE_INITIATOR_CONTEXT)) {
 major = GSS_S_DEFECTIVE_TOKEN;
 *minor = GSSEAP_WRONG_TOK_ID;
 goto cleanup;
@@ -313,12 +315,10 @@ gssEapSmStep(OM_uint32 *minor,
 if (inputTokenType != NULL)
 *inputTokenType |= ITOK_FLAG_VERIFIED;
- if (smFlags & SM_FLAG_RESTART) {
- assert(ctx->state < oldState);
- i = 0;
- } else if (ctx->state != oldState) {
+ if (ctx->state < oldState)
+ i = 0; /* restart */
+ else if (ctx->state != oldState)
 smFlags |= SM_FLAG_TRANSITED;
- }
 if (innerOutputToken.value != NULL) {
 innerOutputTokens->elements[innerOutputTokens->count] = innerOutputToken;
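Review bot: The role-dependent comparison added in the `@@ -217,14 +220,13 @@` hunk has no comment saying why the expected token ID now depends on `CTX_IS_INITIATOR(ctx)`, although that is the security-relevant part: each side now rejects a token carrying the ID it emits itself, which presumably exists to stop a token being reflected back at its sender. I would add `/* accept only the peer's token ID; a token with our own ID is rejected as GSSEAP_WRONG_TOK_ID */` above the `if`. The same mapping is spelled out a second time, inverted, where `tokType` is assigned before gssEapMakeToken() in the `@@ -387,8 +385,13 @@` hunk, and that hunk also reuses the variable that held the verified input type for the output type; one helper for "our" ID and one for "the peer's" would keep the two sites from drifting. A peer that still sends the old TOK_TYPE_ESTABLISH_CONTEXT ID will now get GSS_S_DEFECTIVE_TOKEN, so the commit message should state that this changes the wire format. gssEapSmStep begins and ends outside both hunks.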
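Review bot: With the SM_FLAG_RESTART test and `assert(ctx->state < oldState)` removed in the `@@ -313,12 +315,10 @@` hunk, any handler that leaves `ctx->state` below `oldState` now rewinds the loop through `i = 0`, and nothing visible here bounds how often that can happen. If a state regression can be caused by peer-supplied inner tokens (the handlers are outside the hunk, so this is unverified), a repeating regression would keep the step function spinning; a restart counter checked against a small limit, failing with GSS_S_FAILURE once it is exceeded, would rule that out. At minimum the one-word `/* restart */` should be expanded to `/* a handler moved the context back to an earlier state: rescan the table from its first entry */`. The loop this code sits in starts before the hunk.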
@@ -329,12 +329,10 @@ gssEapSmStep(OM_uint32 *minor,
 innerOutputTokens->count++;
 }
 /*
- * Break out if explicitly requested, or if we made a state transition
- * and have some tokens to send.
+ * Break out if we made a state transition and have some tokens to send.
 */
- if ((smFlags & SM_FLAG_STOP_EVAL) ||
- ((smFlags & SM_FLAG_TRANSITED) &&
- ((smFlags & SM_FLAG_FORCE_SEND_TOKEN) || innerOutputTokens->count != 0))) {
+ if ((smFlags & SM_FLAG_TRANSITED) &&
+ ((smFlags & SM_FLAG_FORCE_SEND_TOKEN) || innerOutputTokens->count != 0)) {
 SM_ASSERT_VALID(ctx, major);
 break;
 }
@@ -387,8 +385,13 @@ gssEapSmStep(OM_uint32 *minor,
 tmpMajor = gssEapEncodeInnerTokens(&tmpMinor, innerOutputTokens, outputTokenTypes, &unwrappedOutputToken);
 if (tmpMajor == GSS_S_COMPLETE) {
+ if (CTX_IS_INITIATOR(ctx))
+ tokType = TOK_TYPE_INITIATOR_CONTEXT;
+ else
+ tokType = TOK_TYPE_ACCEPTOR_CONTEXT;
+
 tmpMajor = gssEapMakeToken(&tmpMinor, ctx, &unwrappedOutputToken,
- TOK_TYPE_ESTABLISH_CONTEXT, outputToken);
+ tokType, outputToken);
 if (GSS_ERROR(tmpMajor)) {
 major = tmpMajor;
 *minor = tmpMinor;
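Review bot: The break condition in the `@@ -329,12 +329,10 @@` hunk no longer reads SM_FLAG_STOP_EVAL, so a handler that still sets that flag would be silently ignored and the loop would go on to run later handlers on the same input. Neither the flag's definition nor its setters appear in this diff; if they are not removed in the same commit, either remove them or keep the test, because an ignored stop request is hard to spot in review. The same applies to SM_FLAG_RESTART, which the `@@ -313,12 +315,10 @@` hunk stops reading. The loop this condition belongs to starts outside the hunk.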