From eaff8adf6959a90a4052a2fe0fd49889b7fa5a7b Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Wed, 9 Mar 2011 00:52:15 +1100
Subject: [PATCH] add some explanations to tlv code
---
 mech_eap/NOTES | 7 +++++++
 mech_eap/util_sm.c | 13 +++++++++++++
 2 files changed, 20 insertions(+)
diff --git a/mech_eap/NOTES b/mech_eap/NOTES
index cce432f..849ce4e 100644
--- a/mech_eap/NOTES
+++ b/mech_eap/NOTES
@@ -1,2 +1,9 @@
 - gss_xxx routines acquire lock, gssXxx don't
 
+- git
+
+If you do want to update with a rebase, deletethe branch from the
+server first then push the rebased branch
+
+to delete a branch from a server git push origin :branch_to_del
+
diff --git a/mech_eap/util_sm.c b/mech_eap/util_sm.c
index 0366168..8bbe40e 100644
--- a/mech_eap/util_sm.c
+++ b/mech_eap/util_sm.c
@@ -266,12 +266,24 @@ gssEapSmStep(OM_uint32 *minor,
 if ((smp->validStates & ctx->state) == 0)
 continue;
 
+ /*
+ * We special case the first call to gss_init_sec_context so that
+ * all token providers have the opportunity to generate an initial
+ * context token. Providers where inputTokenType is ITOK_TYPE_NONE
+ * are always called and generally act on state transition boundaries,
+ * for example to advance the state after a series of optional tokens
+ * (as is the case with the extension token exchange) or to generate
+ * a new token after the state was advanced by a provider which did
+ * not emit a token.
+ */
 if (smp->inputTokenType == ITOK_TYPE_NONE || initialContextToken) {
 processToken = 1;
 } else if ((smFlags & SM_FLAG_TRANSITED) == 0) {
+ /* Don't regurgitate a token which belonds to a previous state. */
 for (j = 0; j < innerInputTokens->count; j++) {
 if ((inputTokenTypes[j] & ITOK_TYPE_MASK) == smp->inputTokenType) {
 if (processToken) {
+ /* Check for duplicate inner tokens */
 major = GSS_S_DEFECTIVE_TOKEN;
 *minor = GSSEAP_DUPLICATE_ITOK;
 break;
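Review bot: The comment added above the `for (j = 0; ...)` loop misspells "belongs" (`/* Don't regurgitate a token which belonds to a previous state. */`), and the two "Check for ..." comments sit inside branches that have already detected the condition, so they read as if a check were still to come. Under `if (processToken) {` I would write `/* Duplicate inner token for this provider: fail with GSSEAP_DUPLICATE_ITOK */`, and in the second util_sm.c hunk `/* Required inner token was not supplied: fail with GSSEAP_MISSING_REQUIRED_ITOK */`. These are the rejection paths for malformed token sets, and the `break` after `GSSEAP_DUPLICATE_ITOK` leaves only the inner `for (j ...)` loop, so the rejection appears to depend on a later check of `major` that is outside the hunk; a short comment saying where that check happens would help. gssEapSmStep starts before and continues past both hunks.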
@@ -321,6 +333,7 @@ gssEapSmStep(OM_uint32 *minor,
 }
 } else if ((smp->itokFlags & SM_ITOK_FLAG_REQUIRED) &&
 smp->inputTokenType != ITOK_TYPE_NONE) {
+ /* Check for required inner tokens */
 major = GSS_S_DEFECTIVE_TOKEN;
 *minor = GSSEAP_MISSING_REQUIRED_ITOK;
 break;
--
2.1.4