From 441d2abc6080e244ccfc6404a9d71ca568f771a6 Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Fri, 8 Oct 2010 23:37:01 +0200
Subject: [PATCH] always need a key for CB to work
---
 accept_sec_context.c | 35 ++++++++++++++---------------------
 1 file changed, 14 insertions(+), 21 deletions(-)
diff --git a/accept_sec_context.c b/accept_sec_context.c
index c36b467..eb1b950 100644
--- a/accept_sec_context.c
+++ b/accept_sec_context.c
@@ -78,28 +78,21 @@ acceptReadyEap(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred)
 major = gssEapRadiusGetRawAvp(minor, ctx->acceptorCtx.vps, PW_MS_MPPE_SEND_KEY, VENDORPEC_MS, &vp);
- if (major == GSS_S_COMPLETE && ctx->encryptionType != ENCTYPE_NULL) {
- major = gssEapDeriveRfc3961Key(minor,
- vp->vp_octets,
- vp->length,
- ctx->encryptionType,
- &ctx->rfc3961Key);
- if (GSS_ERROR(major))
- return major;
+ if (GSS_ERROR(major))
+ return major;
- major = rfc3961ChecksumTypeForKey(minor, &ctx->rfc3961Key,
- &ctx->checksumType);
- if (GSS_ERROR(major))
- return major;
- } else {
- /*
- * draft-howlett-eap-gss says that integrity/confidentialty should
- * always be advertised as available, but if we have no keying
- * material it seems confusing to the caller to advertise this.
- */
- ctx->gssFlags &= ~(GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG);
- ctx->encryptionType = ENCTYPE_NULL;
- }
+ major = gssEapDeriveRfc3961Key(minor,
+ vp->vp_octets,
+ vp->length,
+ ctx->encryptionType,
+ &ctx->rfc3961Key);
+ if (GSS_ERROR(major))
+ return major;
+
+ major = rfc3961ChecksumTypeForKey(minor, &ctx->rfc3961Key,
+ &ctx->checksumType);
+ if (GSS_ERROR(major))
+ return major;
 major = sequenceInit(minor, &ctx->seqState, ctx->recvSeq,
-- 
2.1.4
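Review bot: Dropping the `ctx->encryptionType != ENCTYPE_NULL` guard means gssEapDeriveRfc3961Key() is now reached with whatever enctype the context carries, including ENCTYPE_NULL; whether the derive routine rejects that value is not visible in this hunk. Since the commit makes key material mandatory, I would fail closed explicitly before deriving, e.g. `if (ctx->encryptionType == ENCTYPE_NULL) return GSS_S_UNAVAILABLE;` with a minor code set. The new `GSS_ERROR(major)` test is also weaker than the old `major == GSS_S_COMPLETE`: a status carrying only supplementary bits passes it, so `vp->vp_octets` and `vp->length` are read on the assumption that every non-error return from gssEapRadiusGetRawAvp() sets `vp` — a `vp == NULL` check or a comment stating that contract would make this safe to maintain. acceptReadyEap() starts and ends outside the hunk.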