Don't check IS_RADIUS_ERROR() unless --enable-acceptor=yes.

author Kevin Wasserman <kevin.wasserman@painless-security.com>

Tue, 28 Jun 2011 17:17:10 +0000 (13:17 -0400)

committer Sam Hartman <hartmans@debian.org>

Fri, 1 Jul 2011 10:20:21 +0000 (06:20 -0400)
author Kevin Wasserman <kevin.wasserman@painless-security.com>
Tue, 28 Jun 2011 17:17:10 +0000 (13:17 -0400)
committer Sam Hartman <hartmans@debian.org>
Fri, 1 Jul 2011 10:20:21 +0000 (06:20 -0400)
diff --git a/moonshot/mech_eap/util_sm.c b/moonshot/mech_eap/util_sm.c

index ca69923..bf216dd 100644 (file)
--- a/moonshot/mech_eap/util_sm.c
+++ b/moonshot/mech_eap/util_sm.c
@@ -114,10 +114,13 @@ makeErrorToken(OM_uint32 *minor,
       * Only return error codes that the initiator could have caused,
       * to avoid information leakage.
       */
+#ifdef GSSEAP_ENABLE_ACCEPTOR
      if (IS_RADIUS_ERROR(minorStatus)) {
          /* Squash RADIUS error codes */
          minorStatus = GSSEAP_RADIUS_PROT_FAILURE;
-    } else if (!IS_WIRE_ERROR(minorStatus)) {
+    } else 
+#endif 
+       if (!IS_WIRE_ERROR(minorStatus)) {
          /* Don't return non-wire error codes */
          return GSS_S_COMPLETE;
      }
author	Kevin Wasserman <kevin.wasserman@painless-security.com>
	Tue, 28 Jun 2011 17:17:10 +0000 (13:17 -0400)
committer	Sam Hartman <hartmans@debian.org>
	Fri, 1 Jul 2011 10:20:21 +0000 (06:20 -0400)