if client fails reauth, allow it to retry EAP
authorLuke Howard <lukeh@padl.com>
Wed, 9 Mar 2011 13:53:53 +0000 (00:53 +1100)
committerLuke Howard <lukeh@padl.com>
Wed, 9 Mar 2011 13:53:53 +0000 (00:53 +1100)
accept_sec_context.c

index 723c932..cc03ccf 100644 (file)
@@ -962,10 +962,15 @@ eapGssSmAcceptGssReauth(OM_uint32 *minor,
         if (major == GSS_S_COMPLETE) {
             GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_ESTABLISHED);
         }
+        ctx->gssFlags = gssFlags;
+    } else {
+        gssDeleteSecContext(&tmpMinor, &ctx->kerberosCtx, GSS_C_NO_BUFFER);
+        ctx->flags &= ~(CTX_FLAG_KRB_REAUTH);
+        GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_INITIAL);
+        *smFlags |= SM_FLAG_RESTART;
+        major = GSS_S_CONTINUE_NEEDED;
     }
 
-    ctx->gssFlags = gssFlags;
-
     gssReleaseName(&tmpMinor, &krbInitiator);
 
     return major;
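Review bot: The new `else` branch rewrites every outcome that misses the outer test to `GSS_S_CONTINUE_NEEDED`, so the status of the failed reauthentication is lost and `*minor` may still hold the failed attempt's code next to a non-error major. The outer condition is outside the hunk; if it is a plain `major == GSS_S_COMPLETE` check, a non-error `GSS_S_CONTINUE_NEEDED` from the Kerberos accept would also tear down `ctx->kerberosCtx` and restart EAP. Consider narrowing the branch to `} else if (GSS_ERROR(major)) {` and adding `*minor = 0;` before `major = GSS_S_CONTINUE_NEEDED;`. A short comment there should say that the fallback is deliberate, and that the discarded status ought to be logged first so repeated failed reauth attempts remain visible to operators. It would also help to confirm that nothing else set on `ctx` during the failed attempt survives `GSSEAP_STATE_INITIAL`, since only `kerberosCtx` and `CTX_FLAG_KRB_REAUTH` are reset here.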