OM_uint32 major, tmpMinor;
gss_iov_buffer_desc iov[2];
+ if (ctx->flags & CTX_FLAG_KRB_REAUTH)
+ return GSS_S_CONTINUE_NEEDED;
+
iov[0].type = GSS_IOV_BUFFER_TYPE_DATA | GSS_IOV_BUFFER_FLAG_ALLOCATE;
iov[0].buffer.length = 0;
iov[0].buffer.value = NULL;
ITOK_TYPE_GSS_CHANNEL_BINDINGS,
ITOK_TYPE_NONE,
GSSEAP_STATE_INITIATOR_EXTS,
- SM_ITOK_FLAG_REQUIRED,
+ 0,
eapGssSmAcceptGssChannelBindings,
},
{
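Review bot: Replacing `SM_ITOK_FLAG_REQUIRED` with `0` on the `ITOK_TYPE_GSS_CHANNEL_BINDINGS` entry relaxes the requirement for every exchange that reaches `GSSEAP_STATE_INITIATOR_EXTS`, not only for Kerberos reauthentication. The state machine's "required inner tokens" check is what produces `GSSEAP_MISSING_REQUIRED_ITOK`, so with the flag cleared an initiator that omits the token would presumably never reach `eapGssSmAcceptGssChannelBindings`. Bindings supplied by the acceptor application could then go unverified on the full EAP path. Consider keeping `SM_ITOK_FLAG_REQUIRED` here and exempting only contexts with `CTX_FLAG_KRB_REAUTH` set, or checking before `GSSEAP_STATE_ESTABLISHED` that the bindings were verified whenever the caller supplied them. The table entry starts outside the hunk, so confirm that no later step already enforces this.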
major = acceptReadyKrb(minor, ctx, cred,
krbInitiator, mech, timeRec);
if (major == GSS_S_COMPLETE) {
- GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_ESTABLISHED);
+ GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_INITIATOR_EXTS);
}
ctx->gssFlags = gssFlags;
} else if (GSS_ERROR(major) &&
gssDeleteSecContext(&tmpMinor, &ctx->kerberosCtx, GSS_C_NO_BUFFER);
ctx->flags &= ~(CTX_FLAG_KRB_REAUTH);
GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_INITIAL);
- major = GSS_S_CONTINUE_NEEDED;
}
+ major = GSS_S_CONTINUE_NEEDED;
+
gssReleaseName(&tmpMinor, &krbInitiator);
return major;
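Review bot: Moving `major = GSS_S_CONTINUE_NEEDED;` below the closing brace makes it unconditional, so every path that reaches `return major;` reports continue-needed. A failure from `acceptReadyKrb` (previous hunk, where no state transition is made on error) would be overwritten. So, it appears, would a `GSS_ERROR` that does not enter the fallback branch, and the caller would never see the Kerberos acceptor's error. Keep `major = GSS_S_CONTINUE_NEEDED;` inside the fallback branch and set it in the success branch next to `GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_INITIATOR_EXTS);`, so that error statuses still propagate. The if/else chain starts outside this hunk, so the exact set of affected paths should be checked against the full function.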
major = gssEapReauthComplete(minor, ctx, cred, actualMech, timeRec);
if (GSS_ERROR(major))
goto cleanup;
- GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_ESTABLISHED);
+
+ GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_INITIATOR_EXTS);
} else {
GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_REAUTHENTICATE);
}
+ major = GSS_S_CONTINUE_NEEDED;
+
cleanup:
gssReleaseName(&tmpMinor, &mechTarget);
OM_uint32 major;
gss_buffer_desc buffer = GSS_C_EMPTY_BUFFER;
+ if (ctx->flags & CTX_FLAG_KRB_REAUTH)
+ return GSS_S_CONTINUE_NEEDED;
+
if (chanBindings != GSS_C_NO_CHANNEL_BINDINGS)
buffer = chanBindings->application_data;
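Review bot: The early `return GSS_S_CONTINUE_NEEDED;` when `CTX_FLAG_KRB_REAUTH` is set skips channel-binding handling without saying why that is safe. The same guard is added in the hunk at the top of the patch, the one that sets up `iov`. Because `chanBindings` is silently ignored on this path, a comment should state the invariant being relied on, for example `/* reauth: channel bindings are handled by the underlying Kerberos context, nothing to do here */`, if that is the intent. The function signature is outside the hunk, so whether the bindings actually reach the Kerberos mechanism cannot be confirmed from here.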
{
ITOK_TYPE_NONE,
ITOK_TYPE_INITIATOR_MIC,
+#ifdef GSSEAP_ENABLE_REAUTH
+ GSSEAP_STATE_REAUTHENTICATE |
+#endif
GSSEAP_STATE_INITIATOR_EXTS,
0,
eapGssSmInitInitiatorMIC
} else if ((smp->itokFlags & SM_ITOK_FLAG_REQUIRED) &&
smp->inputTokenType != ITOK_TYPE_NONE) {
/* Check for required inner tokens */
+#ifdef GSSEAP_DEBUG
+ fprintf(stderr, "GSS-EAP: missing required token %08X\n",
+ smp->inputTokenType);
+#endif
major = GSS_S_DEFECTIVE_TOKEN;
*minor = GSSEAP_MISSING_REQUIRED_ITOK;
break;