From: Luke Howard Date: Fri, 7 Oct 2011 07:06:57 +0000 (+1100) Subject: fix incorrect reauth cred assert check X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.orig;a=commitdiff_plain;h=db189a20a7972fd07bf97564a982f66399fd9bd6 fix incorrect reauth cred assert check --- diff --git a/mech_eap/init_sec_context.c b/mech_eap/init_sec_context.c index 15e0520..e99b479 100644 --- a/mech_eap/init_sec_context.c +++ b/mech_eap/init_sec_context.c @@ -457,8 +457,10 @@ eapGssSmInitGssReauth(OM_uint32 *minor, gss_OID actualMech = GSS_C_NO_OID; OM_uint32 gssFlags, timeRec; - GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL); - + /* + * Here we use the passed in credential handle because the resolved + * context credential does not currently have the reauth creds. + */ if (GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_INITIAL) { if (!gssEapCanReauthP(cred, target, timeReq)) return GSS_S_CONTINUE_NEEDED; @@ -470,6 +472,8 @@ eapGssSmInitGssReauth(OM_uint32 *minor, goto cleanup; } + GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL); + major = gssEapMechToGlueName(minor, target, &mechTarget); if (GSS_ERROR(major)) goto cleanup; diff --git a/mech_eap/util_reauth.c b/mech_eap/util_reauth.c index 32ed781..50011ca 100644 --- a/mech_eap/util_reauth.c +++ b/mech_eap/util_reauth.c @@ -485,7 +485,8 @@ gssEapCanReauthP(gss_cred_id_t cred, time_t now, expiryReq; OM_uint32 minor; - GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL); + if (cred == GSS_C_NO_CREDENTIAL) + return FALSE; now = time(NULL); expiryReq = now;