}
}
- assert(ctx->state == GSSEAP_STATE_ESTABLISHED || major == GSS_S_CONTINUE_NEEDED);
+ assert(CTX_IS_ESTABLISHED(ctx) || major == GSS_S_CONTINUE_NEEDED);
cleanup:
if (cred != GSS_C_NO_CREDENTIAL)
p = (unsigned char *)token->value;
store_uint32_be(EAP_EXPORT_CONTEXT_V1, &p[0]); /* version */
- store_uint32_be(ctx->state, &p[4]);
+ store_uint32_be(GSSEAP_SM_STATE(ctx), &p[4]);
store_uint32_be(ctx->flags, &p[8]);
store_uint32_be(ctx->gssFlags, &p[12]);
p = store_oid(ctx->mechanismUsed, &p[16]);
remain -= 16;
/* Validate state */
- if (ctx->state < GSSEAP_STATE_INITIAL ||
- ctx->state > GSSEAP_STATE_ESTABLISHED)
+ if (GSSEAP_SM_STATE(ctx) < GSSEAP_STATE_INITIAL ||
+ GSSEAP_SM_STATE(ctx) > GSSEAP_STATE_ESTABLISHED)
return GSS_S_DEFECTIVE_TOKEN;
/* Only acceptor can export partial context tokens */
#define GSSEAP_STATE_NEXT(s) ((s) << 1)
+#define GSSEAP_SM_STATE(ctx) ((ctx)->state)
+
#ifdef GSSEAP_DEBUG
void gssEapSmTransition(gss_ctx_id_t ctx, enum gss_eap_state state);
#define GSSEAP_SM_TRANSITION(ctx, state) gssEapSmTransition((ctx), (state))
#define GSSEAP_SM_TRANSITION(ctx, state) do { (ctx)->state = (state); } while (0)
#endif
-#define GSSEAP_SM_TRANSITION_NEXT(ctx) GSSEAP_SM_TRANSITION((ctx), GSSEAP_STATE_NEXT((ctx)->state))
+#define GSSEAP_SM_TRANSITION_NEXT(ctx) GSSEAP_SM_TRANSITION((ctx), GSSEAP_STATE_NEXT(GSSEAP_SM_STATE((ctx))))
/* state machine entry */
struct gss_eap_sm {
#define SM_FLAG_FORCE_SEND_TOKEN 0x00000001 /* send token even if empty */
#define SM_FLAG_STOP_EVAL 0x00000002 /* no more handlers for this state */
+#define SM_FLAG_RESTART 0x00000004 /* restart state machine */
#define SM_ITOK_FLAG_CRITICAL 0x00000001 /* sent tokens marked critical */
#define SM_ITOK_FLAG_REQUIRED 0x00000002 /* received tokens must be present */