major = gssEapRadiusGetRawAvp(minor, ctx->acceptorCtx.vps,
PW_USER_NAME, 0, &vp);
- if (major == GSS_S_COMPLETE) {
+ if (major == GSS_S_COMPLETE && vp->length) {
nameBuf.length = vp->length;
nameBuf.value = vp->vp_strvalue;
} else {
if (GSS_ERROR(major))
return major;
+ if (ctx->expiryTime != 0 && ctx->expiryTime < time(NULL)) {
+ *minor = GSSEAP_CRED_EXPIRED;
+ return GSS_S_CREDENTIALS_EXPIRED;
+ }
+
*minor = 0;
return GSS_S_COMPLETE;
}
assert(actx->radContext == NULL);
assert(actx->radConn == NULL);
- if (rs_context_create(&actx->radContext, RS_DICT_FILE) != 0) {
+ if (rs_context_create(&actx->radContext) != 0) {
*minor = GSSEAP_RADSEC_CONTEXT_FAILURE;
return GSS_S_FAILURE;
}
goto fail;
}
+ if (rs_context_init_freeradius_dict(actx->radContext, NULL) != 0) {
+ err = rs_err_ctx_pop(actx->radContext);
+ goto fail;
+ }
+
if (rs_conn_create(actx->radContext, &actx->radConn, configStanza) != 0) {
err = rs_err_conn_pop(actx->radConn);
goto fail;
ctx->flags |= CTX_FLAG_KRB_REAUTH;
major = gssAcceptSecContext(minor,
- &ctx->kerberosCtx,
+ &ctx->reauthCtx,
cred->krbCred,
inputToken,
chanBindings,
} else if (GSS_ERROR(major) &&
(*smFlags & SM_FLAG_INPUT_TOKEN_CRITICAL) == 0) {
/* pretend reauthentication attempt never happened */
- gssDeleteSecContext(&tmpMinor, &ctx->kerberosCtx, GSS_C_NO_BUFFER);
+ gssDeleteSecContext(&tmpMinor, &ctx->reauthCtx, GSS_C_NO_BUFFER);
ctx->flags &= ~(CTX_FLAG_KRB_REAUTH);
GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_INITIAL);
major = GSS_S_CONTINUE_NEEDED;
projects / moonshot.git / blobdiff