OM_uint32 *smFlags)
{
*minor = 0;
- *smFlags |= SM_FLAG_TRANSITION | SM_FLAG_STOP_EVAL;
- return (ctx->state == GSSEAP_STATE_INITIATOR_EXTS) ?
- GSS_S_CONTINUE_NEEDED : GSS_S_COMPLETE;
+
+ if (ctx->state == GSSEAP_STATE_INITIATOR_EXTS) {
+ *smFlags |= SM_FLAG_TRANSITION | SM_FLAG_STOP_EVAL;
+ return GSS_S_CONTINUE_NEEDED;
+ } else {
+ ctx->state = GSSEAP_STATE_ESTABLISHED;
+ *smFlags |= SM_FLAG_STOP_EVAL;
+ return GSS_S_COMPLETE;
+ }
}
static struct gss_eap_sm eapGssAcceptorSm[] = {
GSSEAP_STATE_AUTHENTICATE = 0x02, /* exchange EAP messages */
GSSEAP_STATE_INITIATOR_EXTS = 0x04, /* initiator extensions */
GSSEAP_STATE_ACCEPTOR_EXTS = 0x08, /* acceptor extensions */
- GSSEAP_STATE_ESTABLISHED = 0x10, /* context established */
- GSSEAP_STATE_ALL = 0x1F
+ GSSEAP_STATE_REAUTHENTICATE = 0x10, /* GSS reauthentication messages */
+ GSSEAP_STATE_ESTABLISHED = 0x20, /* context established */
+ GSSEAP_STATE_ALL = 0x3F
};
#define GSSEAP_STATE_NEXT(s) ((s) << 1)
goto cleanup;
ctx->state = GSSEAP_STATE_ESTABLISHED;
} else {
- *smFlags |= SM_FLAG_TRANSITION;
+ ctx->state = GSSEAP_STATE_REAUTHENTICATE;
}
cleanup:
OM_uint32 *smFlags)
{
*minor = 0;
- *smFlags |= SM_FLAG_TRANSITION | SM_FLAG_STOP_EVAL;
- return (ctx->state == GSSEAP_STATE_INITIATOR_EXTS) ?
- GSS_S_CONTINUE_NEEDED : GSS_S_COMPLETE;
+
+ if (ctx->state == GSSEAP_STATE_INITIATOR_EXTS) {
+ *smFlags |= SM_FLAG_TRANSITION | SM_FLAG_STOP_EVAL;
+ return GSS_S_CONTINUE_NEEDED;
+ } else {
+ ctx->state = GSSEAP_STATE_ESTABLISHED;
+ *smFlags |= SM_FLAG_STOP_EVAL;
+ return GSS_S_COMPLETE;
+ }
}
static struct gss_eap_sm eapGssInitiatorSm[] = {
SM_ITOK_FLAG_CRITICAL,
eapGssSmInitError,
},
-#ifdef GSSEAP_ENABLE_REAUTH
- {
- ITOK_TYPE_REAUTH_RESP,
- ITOK_TYPE_REAUTH_REQ,
- GSSEAP_STATE_INITIAL | GSSEAP_STATE_AUTHENTICATE,
- 0,
- eapGssSmInitGssReauth,
- },
-#endif
#ifdef GSSEAP_DEBUG
{
ITOK_TYPE_NONE,
eapGssSmInitVendorInfo,
},
#endif
+#ifdef GSSEAP_ENABLE_REAUTH
+ {
+ ITOK_TYPE_REAUTH_RESP,
+ ITOK_TYPE_REAUTH_REQ,
+ GSSEAP_STATE_INITIAL | GSSEAP_STATE_REAUTHENTICATE,
+ 0,
+ eapGssSmInitGssReauth,
+ },
+#endif
{
ITOK_TYPE_NONE,
ITOK_TYPE_NONE,
case GSSEAP_STATE_ACCEPTOR_EXTS:
s = "ACCEPTOR_EXTS";
break;
+ case GSSEAP_STATE_REAUTHENTICATE:
+ s = "REAUTHENTICATE";
+ break;
case GSSEAP_STATE_ESTABLISHED:
s = "ESTABLISHED";
break;