- gss_log(APLOG_MARK, APLOG_ERR, 0, r, "gssweb_authenticate_user: Unable to read nonce or input token from GSSWeb input");
- gss_delete_sec_context(&minor_status, &conn_ctx->context, GSS_C_NO_BUFFER);
- conn_ctx->context = GSS_C_NO_CONTEXT;
- conn_ctx->state = GSS_CTX_FAILED;
- if (0 != conn_ctx->output_token.length)
- gss_release_buffer(&minor_status, &(conn_ctx->output_token));
- conn_ctx->output_token.length = 0;
- ret = HTTP_UNAUTHORIZED;
+ /* If we get spurious msg on an established session, say OK again */
+ if (GSS_CTX_ESTABLISHED == conn_ctx->state)
+ ret = OK;
+ /* ...otherwise, if we are in progress, return HTTP_UNAUTHORIZED */
+ if (GSS_CTX_IN_PROGRESS == conn_ctx->state)
+ ret = HTTP_UNAUTHORIZED;
+ /* If this would start a new session, free the context and return DECLINED */
+ else {
+ gss_cleanup_conn_ctx(conn_ctx);
+ ret = DECLINED;
+ }