fix incorrect reauth cred assert check

diff --git a/mech_eap/init_sec_context.c b/mech_eap/init_sec_context.c
index 15e0520..e99b479 100644 (file)
--- a/mech_eap/init_sec_context.c
+++ b/mech_eap/init_sec_context.c
@@ -457,8 +457,10 @@ eapGssSmInitGssReauth(OM_uint32 *minor,
     gss_OID actualMech = GSS_C_NO_OID;
     OM_uint32 gssFlags, timeRec;
 
-    GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL);
-
+    /*
+     * Here we use the passed in credential handle because the resolved
+     * context credential does not currently have the reauth creds.
+     */
     if (GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_INITIAL) {
         if (!gssEapCanReauthP(cred, target, timeReq))
             return GSS_S_CONTINUE_NEEDED;
@@ -470,6 +472,8 @@ eapGssSmInitGssReauth(OM_uint32 *minor,
         goto cleanup;
     }
 
+    GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL);
+
     major = gssEapMechToGlueName(minor, target, &mechTarget);
     if (GSS_ERROR(major))
         goto cleanup;

diff --git a/mech_eap/util_reauth.c b/mech_eap/util_reauth.c
index 32ed781..50011ca 100644 (file)
--- a/mech_eap/util_reauth.c
+++ b/mech_eap/util_reauth.c
@@ -485,7 +485,8 @@ gssEapCanReauthP(gss_cred_id_t cred,
     time_t now, expiryReq;
     OM_uint32 minor;
 
-    GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL);
+    if (cred == GSS_C_NO_CREDENTIAL)
+        return FALSE;
 
     now = time(NULL);
     expiryReq = now;