From db189a20a7972fd07bf97564a982f66399fd9bd6 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Fri, 7 Oct 2011 18:06:57 +1100 Subject: [PATCH] fix incorrect reauth cred assert check --- mech_eap/init_sec_context.c | 8 ++++++-- mech_eap/util_reauth.c | 3 ++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/mech_eap/init_sec_context.c b/mech_eap/init_sec_context.c index 15e0520..e99b479 100644 --- a/mech_eap/init_sec_context.c +++ b/mech_eap/init_sec_context.c @@ -457,8 +457,10 @@ eapGssSmInitGssReauth(OM_uint32 *minor, gss_OID actualMech = GSS_C_NO_OID; OM_uint32 gssFlags, timeRec; - GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL); - + /* + * Here we use the passed in credential handle because the resolved + * context credential does not currently have the reauth creds. + */ if (GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_INITIAL) { if (!gssEapCanReauthP(cred, target, timeReq)) return GSS_S_CONTINUE_NEEDED; @@ -470,6 +472,8 @@ eapGssSmInitGssReauth(OM_uint32 *minor, goto cleanup; } + GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL); + major = gssEapMechToGlueName(minor, target, &mechTarget); if (GSS_ERROR(major)) goto cleanup; diff --git a/mech_eap/util_reauth.c b/mech_eap/util_reauth.c index 32ed781..50011ca 100644 --- a/mech_eap/util_reauth.c +++ b/mech_eap/util_reauth.c @@ -485,7 +485,8 @@ gssEapCanReauthP(gss_cred_id_t cred, time_t now, expiryReq; OM_uint32 minor; - GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL); + if (cred == GSS_C_NO_CREDENTIAL) + return FALSE; now = time(NULL); expiryReq = now; -- 2.1.4