From: Luke Howard Date: Fri, 22 Apr 2011 10:58:57 +0000 (+0200) Subject: Merge branch 'master' into tlv-mic X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.orig;a=commitdiff_plain;h=4c1ce555f314832913d633f716eb9baca7fd309e Merge branch 'master' into tlv-mic --- 4c1ce555f314832913d633f716eb9baca7fd309e diff --cc accept_sec_context.c index 081cca8,cc8702d..17d1020 --- a/accept_sec_context.c +++ b/accept_sec_context.c @@@ -1083,25 -970,11 +1083,25 @@@ eapGssSmAcceptGssReauth(OM_uint32 *mino ctx->flags |= CTX_FLAG_KRB_REAUTH; + /* + * To avoid an additional round trip, we use GSS channel bindings + * to integrity protect the rest of the initiator exchange. This + * does have the disadvantage of making it impossible for the + * acceptor to ignore application channel bindings, behaviour + * which differs from normal Kerberos and GSS-EAP itself. + */ + major = gssEapMakeTokenChannelBindings(minor, ctx, + userChanBindings, + inputToken, + &wireChanBindings); + if (GSS_ERROR(major)) + return major; + major = gssAcceptSecContext(minor, &ctx->reauthCtx, - cred->krbCred, + cred->reauthCred, inputToken, - chanBindings, + &wireChanBindings, &krbInitiator, &mech, outputToken,
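Review bot: Nothing in this hunk releases `wireChanBindings` after it is filled by `gssEapMakeTokenChannelBindings()` and passed to `gssAcceptSecContext()`. If the helper allocates the binding data it stores there (its body is not visible here), every exit after that call has to free it, including the `GSS_ERROR` paths that follow the accept call, and the early `return major;` is only safe if the helper cleans up after its own failure. I would record the ownership next to the declaration, for example `/* wireChanBindings data is allocated by gssEapMakeTokenChannelBindings(); released before every return below */`, and check the exits against it. The body of eapGssSmAcceptGssReauth starts and ends outside the hunk, so the release may already be there.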