From 72e1f288545e07166e9442073f045cdde562d367 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Fri, 7 Oct 2011 18:06:57 +1100 Subject: [PATCH] fix incorrect reauth cred assert check --- moonshot/mech_eap/init_sec_context.c | 8 ++++++-- moonshot/mech_eap/util_reauth.c | 3 ++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/moonshot/mech_eap/init_sec_context.c b/moonshot/mech_eap/init_sec_context.c index 15e0520..e99b479 100644 --- a/moonshot/mech_eap/init_sec_context.c +++ b/moonshot/mech_eap/init_sec_context.c @@ -457,8 +457,10 @@ eapGssSmInitGssReauth(OM_uint32 *minor, gss_OID actualMech = GSS_C_NO_OID; OM_uint32 gssFlags, timeRec; - GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL); - + /* + * Here we use the passed in credential handle because the resolved + * context credential does not currently have the reauth creds. + */ if (GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_INITIAL) { if (!gssEapCanReauthP(cred, target, timeReq)) return GSS_S_CONTINUE_NEEDED; @@ -470,6 +472,8 @@ eapGssSmInitGssReauth(OM_uint32 *minor, goto cleanup; } + GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL); + major = gssEapMechToGlueName(minor, target, &mechTarget); if (GSS_ERROR(major)) goto cleanup; diff --git a/moonshot/mech_eap/util_reauth.c b/moonshot/mech_eap/util_reauth.c index 32ed781..50011ca 100644 --- a/moonshot/mech_eap/util_reauth.c +++ b/moonshot/mech_eap/util_reauth.c @@ -485,7 +485,8 @@ gssEapCanReauthP(gss_cred_id_t cred, time_t now, expiryReq; OM_uint32 minor; - GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL); + if (cred == GSS_C_NO_CREDENTIAL) + return FALSE; now = time(NULL); expiryReq = now; -- 2.1.4