Fix for OpenSSH interoperability

[mech_eap.orig] / mech_eap / init_sec_context.c

diff --git a/mech_eap/init_sec_context.c b/mech_eap/init_sec_context.c
index 951ea2b..c42fa88 100644 (file)
--- a/mech_eap/init_sec_context.c
+++ b/mech_eap/init_sec_context.c
@@ -543,7 +543,9 @@ eapGssSmInitAcceptorName(OM_uint32 *minor,
                ctx->acceptorName == GSS_C_NO_NAME) {
         /* Accept target name hint from acceptor */
         major = gssEapImportName(minor, inputToken,
-                                 GSS_C_NT_USER_NAME, &ctx->acceptorName);
+                                 GSS_C_NT_USER_NAME,
+                                 ctx->mechanismUsed,
+                                 &ctx->acceptorName);
         if (GSS_ERROR(major))
             return major;
     }
@@ -898,6 +900,7 @@ gss_init_sec_context(OM_uint32 *minor,
 {
     OM_uint32 major, tmpMinor;
     gss_ctx_id_t ctx = *context_handle;
+    int initialContextToken = 0;
 
     *minor = 0;
 
@@ -915,13 +918,7 @@ gss_init_sec_context(OM_uint32 *minor,
             return major;
 
         ctx->flags |= CTX_FLAG_INITIATOR;
-
-        major = initBegin(minor, cred, ctx, target_name, mech_type,
-                          req_flags, time_req, input_chan_bindings);
-        if (GSS_ERROR(major)) {
-            gssEapReleaseContext(minor, &ctx);
-            return major;
-        }
+        initialContextToken = 1;
 
         *context_handle = ctx;
     }
@@ -948,13 +945,19 @@ gss_init_sec_context(OM_uint32 *minor,
 
     GSSEAP_MUTEX_LOCK(&cred->mutex);
 
-
     if ((cred->flags & CRED_FLAG_INITIATE) == 0) {
         major = GSS_S_NO_CRED;
         *minor = GSSEAP_CRED_USAGE_MISMATCH;
         goto cleanup;
     }
 
+    if (initialContextToken) {
+        major = initBegin(minor, cred, ctx, target_name, mech_type,
+                          req_flags, time_req, input_chan_bindings);
+        if (GSS_ERROR(major))
+            goto cleanup;
+    }
+
     major = gssEapSmStep(minor,
                          cred,
                          ctx,