Merge branch 'master' into tlv-mic

[moonshot.git] / mech_eap / accept_sec_context.c

diff --git a/mech_eap/accept_sec_context.c b/mech_eap/accept_sec_context.c
index bac9130..16e60fb 100644 (file)
--- a/mech_eap/accept_sec_context.c
+++ b/mech_eap/accept_sec_context.c
@@ -72,7 +72,7 @@ acceptReadyEap(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred)
 
     major = gssEapRadiusGetRawAvp(minor, ctx->acceptorCtx.vps,
                                   PW_USER_NAME, 0, &vp);
-    if (major == GSS_S_COMPLETE) {
+    if (major == GSS_S_COMPLETE && vp->length) {
         nameBuf.length = vp->length;
         nameBuf.value = vp->vp_strvalue;
     } else {
@@ -121,6 +121,11 @@ acceptReadyEap(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred)
     if (GSS_ERROR(major))
         return major;
 
+    if (ctx->expiryTime < time(NULL)) {
+        *minor = GSSEAP_CRED_EXPIRED;
+        return GSS_S_CREDENTIALS_EXPIRED;
+    }
+
     *minor = 0;
     return GSS_S_COMPLETE;
 }