projects / mech_eap.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cf651f0)
cleanup
authorLuke Howard <lukeh@padl.com>
Mon, 27 Sep 2010 23:29:56 +0000 (01:29 +0200)
committerLuke Howard <lukeh@padl.com>
Mon, 27 Sep 2010 23:29:56 +0000 (01:29 +0200)
set_cred_option.c patch | blob | history
util_reauth.c patch | blob | history

diff --git a/set_cred_option.c b/set_cred_option.c
index 6c32d4c..a8114ef 100644 (file)
--- a/set_cred_option.c
+++ b/set_cred_option.c
@@ -121,7 +121,7 @@ gssspi_set_cred_option(OM_uint32 *minor,
     for (i = 0; i < sizeof(setCredOps) / sizeof(setCredOps[0]); i++) {
         if (oidEqual(&setCredOps[i].oid, desired_object)) {
             major = (*setCredOps[i].setOption)(minor, cred,
-                                              desired_object, value);
+                                               desired_object, value);
             break;
         }
     }
diff --git a/util_reauth.c b/util_reauth.c
index c86b206..6a476a5 100644 (file)
--- a/util_reauth.c
+++ b/util_reauth.c
@@ -309,11 +309,11 @@ reauthUseCredsCache(krb5_context krbContext,
  * if policy allows.
  */
 static OM_uint32
-getReauthCredentials(OM_uint32 *minor,
-                     gss_cred_id_t cred,
-                     gss_name_t target,
-                     time_t now,
-                     OM_uint32 timeReq)
+getDefaultReauthCredentials(OM_uint32 *minor,
+                            gss_cred_id_t cred,
+                            gss_name_t target,
+                            time_t now,
+                            OM_uint32 timeReq)
 {
     OM_uint32 major = GSS_S_CRED_UNAVAIL;
     krb5_context krbContext = NULL;
@@ -327,7 +327,8 @@ getReauthCredentials(OM_uint32 *minor,
     assert(cred != GSS_C_NO_CREDENTIAL);
     assert(target != GSS_C_NO_NAME);
 
-    if (!reauthUseCredsCache(krbContext, cred->name->krbPrincipal))
+    if (cred->name == GSS_C_NO_NAME ||
+        !reauthUseCredsCache(krbContext, cred->name->krbPrincipal))
         goto cleanup;
 
     match.client = cred->name->krbPrincipal;
@@ -371,24 +372,22 @@ gssEapCanReauthP(gss_cred_id_t cred,
                  gss_name_t target,
                  OM_uint32 timeReq)
 {
-    time_t now;
+    time_t now, expiryReq;
+    OM_uint32 minor;
 
-    if (cred == GSS_C_NO_CREDENTIAL)
-        return FALSE;
+    assert(cred != GSS_C_NO_CREDENTIAL);
 
     now = time(NULL);
+    expiryReq = now;
+    if (timeReq != GSS_C_INDEFINITE)
+        expiryReq += timeReq;
 
-    if (cred->krbCredCache != NULL &&
-        cred->expiryTime > time(NULL) + (timeReq ? timeReq : 0))
+    if (cred->krbCredCache != NULL && cred->expiryTime > expiryReq)
         return TRUE;
 
-    if (cred->name != GSS_C_NO_NAME) {
-        OM_uint32 major, minor;
-
-        major = getReauthCredentials(&minor, cred, target, now, timeReq);
-
-        return !GSS_ERROR(major);
-    }
+    if (getDefaultReauthCredentials(&minor, cred, target,
+                                    now, timeReq) == GSS_S_COMPLETE)
+        return TRUE;
 
     return FALSE;
 }
Moonshot GSS-API mechanism