From: Luke Howard Date: Tue, 8 Mar 2011 07:02:55 +0000 (+1100) Subject: cleanup TLV code X-Git-Tag: vm/20110310~34 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.orig;a=commitdiff_plain;h=6af814ab7e9e74ac6176e7fc7d20cf9870704d44 cleanup TLV code --- diff --git a/accept_sec_context.c b/accept_sec_context.c index 9983cad..ea7c50f 100644 --- a/accept_sec_context.c +++ b/accept_sec_context.c @@ -637,9 +637,15 @@ eapGssSmAcceptCompleteExts(OM_uint32 *minor, OM_uint32 *smFlags) { *minor = 0; - *smFlags |= SM_FLAG_TRANSITION | SM_FLAG_STOP_EVAL; - return (ctx->state == GSSEAP_STATE_INITIATOR_EXTS) ? - GSS_S_CONTINUE_NEEDED : GSS_S_COMPLETE; + + if (ctx->state == GSSEAP_STATE_INITIATOR_EXTS) { + *smFlags |= SM_FLAG_TRANSITION | SM_FLAG_STOP_EVAL; + return GSS_S_CONTINUE_NEEDED; + } else { + ctx->state = GSSEAP_STATE_ESTABLISHED; + *smFlags |= SM_FLAG_STOP_EVAL; + return GSS_S_COMPLETE; + } } static struct gss_eap_sm eapGssAcceptorSm[] = { diff --git a/gssapiP_eap.h b/gssapiP_eap.h index 71e697c..752311e 100644 --- a/gssapiP_eap.h +++ b/gssapiP_eap.h @@ -145,8 +145,9 @@ enum gss_eap_state { GSSEAP_STATE_AUTHENTICATE = 0x02, /* exchange EAP messages */ GSSEAP_STATE_INITIATOR_EXTS = 0x04, /* initiator extensions */ GSSEAP_STATE_ACCEPTOR_EXTS = 0x08, /* acceptor extensions */ - GSSEAP_STATE_ESTABLISHED = 0x10, /* context established */ - GSSEAP_STATE_ALL = 0x1F + GSSEAP_STATE_REAUTHENTICATE = 0x10, /* GSS reauthentication messages */ + GSSEAP_STATE_ESTABLISHED = 0x20, /* context established */ + GSSEAP_STATE_ALL = 0x3F }; #define GSSEAP_STATE_NEXT(s) ((s) << 1) diff --git a/init_sec_context.c b/init_sec_context.c index e42d1f4..c565625 100644 --- a/init_sec_context.c +++ b/init_sec_context.c @@ -485,7 +485,7 @@ eapGssSmInitGssReauth(OM_uint32 *minor, goto cleanup; ctx->state = GSSEAP_STATE_ESTABLISHED; } else { - *smFlags |= SM_FLAG_TRANSITION; + ctx->state = GSSEAP_STATE_REAUTHENTICATE; } cleanup: @@ -719,9 +719,15 @@ eapGssSmInitCompleteExts(OM_uint32 *minor, OM_uint32 *smFlags) { *minor = 0; - *smFlags |= SM_FLAG_TRANSITION | SM_FLAG_STOP_EVAL; - return (ctx->state == GSSEAP_STATE_INITIATOR_EXTS) ? - GSS_S_CONTINUE_NEEDED : GSS_S_COMPLETE; + + if (ctx->state == GSSEAP_STATE_INITIATOR_EXTS) { + *smFlags |= SM_FLAG_TRANSITION | SM_FLAG_STOP_EVAL; + return GSS_S_CONTINUE_NEEDED; + } else { + ctx->state = GSSEAP_STATE_ESTABLISHED; + *smFlags |= SM_FLAG_STOP_EVAL; + return GSS_S_COMPLETE; + } } static struct gss_eap_sm eapGssInitiatorSm[] = { @@ -732,15 +738,6 @@ static struct gss_eap_sm eapGssInitiatorSm[] = { SM_ITOK_FLAG_CRITICAL, eapGssSmInitError, }, -#ifdef GSSEAP_ENABLE_REAUTH - { - ITOK_TYPE_REAUTH_RESP, - ITOK_TYPE_REAUTH_REQ, - GSSEAP_STATE_INITIAL | GSSEAP_STATE_AUTHENTICATE, - 0, - eapGssSmInitGssReauth, - }, -#endif #ifdef GSSEAP_DEBUG { ITOK_TYPE_NONE, @@ -750,6 +747,15 @@ static struct gss_eap_sm eapGssInitiatorSm[] = { eapGssSmInitVendorInfo, }, #endif +#ifdef GSSEAP_ENABLE_REAUTH + { + ITOK_TYPE_REAUTH_RESP, + ITOK_TYPE_REAUTH_REQ, + GSSEAP_STATE_INITIAL | GSSEAP_STATE_REAUTHENTICATE, + 0, + eapGssSmInitGssReauth, + }, +#endif { ITOK_TYPE_NONE, ITOK_TYPE_NONE, diff --git a/util_sm.c b/util_sm.c index d47dca5..9b18ea3 100644 --- a/util_sm.c +++ b/util_sm.c @@ -54,6 +54,9 @@ gssEapStateToString(enum gss_eap_state state) case GSSEAP_STATE_ACCEPTOR_EXTS: s = "ACCEPTOR_EXTS"; break; + case GSSEAP_STATE_REAUTHENTICATE: + s = "REAUTHENTICATE"; + break; case GSSEAP_STATE_ESTABLISHED: s = "ESTABLISHED"; break;