projects
/
moonshot.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
44c6f6b
)
if reauth token marked critical, don't allow EAP fallback
author
Luke Howard
<lukeh@padl.com>
Wed, 9 Mar 2011 14:27:48 +0000
(
01:27
+1100)
committer
Luke Howard
<lukeh@padl.com>
Wed, 9 Mar 2011 14:27:48 +0000
(
01:27
+1100)
mech_eap/accept_sec_context.c
patch
|
blob
|
history
diff --git
a/mech_eap/accept_sec_context.c
b/mech_eap/accept_sec_context.c
index
c39cf6b
..
b9bdb80
100644
(file)
--- a/
mech_eap/accept_sec_context.c
+++ b/
mech_eap/accept_sec_context.c
@@
-965,7
+965,8
@@
eapGssSmAcceptGssReauth(OM_uint32 *minor,
GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_ESTABLISHED);
}
ctx->gssFlags = gssFlags;
- } else {
+ } else if ((*smFlags & SM_FLAG_INPUT_TOKEN_CRITICAL) == 0) {
+ /* pretend reauthentication attempt never happened */
gssDeleteSecContext(&tmpMinor, &ctx->kerberosCtx, GSS_C_NO_BUFFER);
ctx->flags &= ~(CTX_FLAG_KRB_REAUTH);
GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_INITIAL);