GSS status could be GSS_S_COMPLETE but still need to send something t…

…o the client.
PatriotSuite · Oct 27, 2011 · 2232591 · 2232591
1 parent 2231cbe
commit 2232591
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 3 deletions.
diff --git a/common.c b/common.c
@@ -222,13 +222,14 @@ int recv_packet(int s, gss_buffer_desc * out,
 			return -1;
 		}
 	}
-	logit(-1, "Received %d bytes from remote host", r);
 
 	memcpy(&ph, pbuff, sizeof(ph));	
 	ph.sid = ntohs(ph.sid);
 	*pacout = ph.pac;
 	*sid = ph.sid;
 
+	logit(-1, "Received %d bytes from remote host - pac %d", r, ph.pac);
+
 	if(r == sizeof(ph) || !out)
 		return 0;
 

diff --git a/gssvpn.c b/gssvpn.c
@@ -169,7 +169,7 @@ int do_gssinit(struct ev_loop * loop, gss_buffer_desc * in) {
 		gss_delete_sec_context(&min, &context, NULL);
 	gssstate = gss_init_sec_context(&min, GSS_C_NO_CREDENTIAL,
 					&context, target_name, NULL,
-					GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG,
+					GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG | GSS_C_MUTUAL_FLAG,
 					GSS_C_INDEFINITE, NULL, in, NULL, &tokenout,
 					NULL, NULL);
 

diff --git a/gssvpnd.c b/gssvpnd.c
@@ -338,9 +338,14 @@ void handle_gssinit(struct ev_loop * loop, struct conn * client,
 		return;
 	}
 	client->gssstate = maj;
-	if(maj == GSS_S_CONTINUE_NEEDED) {
+	if(output.length > 0) {
 		send_packet(netfd, &output, &client->addr,
 			PAC_GSSINIT, client->sid);
+		gss_release_buffer(&lmin, &output);
+	}
+
+	if(maj == GSS_S_CONTINUE_NEEDED) {
+		logit(0, "Continue needed for GSSAPI auth");
 		return;
 	}