sasl_gs2_seterror(text->utils, maj_stat, min_stat);
ret = SASL_FAIL;
}
- if (ret != SASL_OK && ret != SASL_CONTINUE)
+ if (ret < SASL_OK)
sasl_gs2_free_context_contents(text);
return ret;
goto cleanup;
}
- req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
+ req_flags = GSS_C_SEQUENCE_FLAG;
maj_stat = gss_init_sec_context(&min_stat,
(params->gss_creds != GSS_C_NO_CREDENTIAL)
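Review bot: Dropping `GSS_C_MUTUAL_FLAG` from `req_flags` means the client no longer asks the acceptor to prove its identity, and nothing in the visible lines checks the returned flags for mutual authentication. RFC 5801 (GSS-API Parameters) says mutual_req_flag must be set and the client must fail when the matching ret_flag is missing, so I would keep `req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;` and reject an established context that lacks the flag. The same relaxation appears in gs2_indicate_mechs, where `GSS_C_MA_AUTH_TARG` is removed from `desired_oids`, so mechanisms that cannot authenticate the target become eligible. The enclosing function starts and ends outside this hunk, so a ret_flags check may exist that I cannot see; if the relaxation is deliberate, the reason should be recorded in a comment next to `req_flags`.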
sasl_gs2_seterror(text->utils, maj_stat, min_stat);
ret = SASL_FAIL;
}
- if (ret != SASL_OK && ret != SASL_CONTINUE)
+ if (ret < SASL_OK)
sasl_gs2_free_context_contents(text);
return ret;
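Review bot: The new test `if (ret < SASL_OK)` depends on every SASL failure code being negative and on SASL_INTERACT being positive, which the line itself does not say. A comment such as `/* keep the context for SASL_OK, SASL_CONTINUE and SASL_INTERACT; only error (negative) codes free it */` would make the intent explicit, and bracing the one-line body would guard against a later edit slipping a second statement under the `if`. The same condition is changed in the step function at the top of this page. Because the context contents now survive any non-negative return, it is worth confirming that the dispose path, which is outside this hunk, still releases them when the application abandons an interaction.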
static int gs2_indicate_mechs(const sasl_utils_t *utils)
{
OM_uint32 major, minor;
- gss_OID_desc desired_oids[3];
+ gss_OID_desc desired_oids[2];
gss_OID_set_desc desired_attrs;
gss_OID_desc except_oids[3];
gss_OID_set_desc except_attrs;
return SASL_OK;
desired_oids[0] = *GSS_C_MA_AUTH_INIT;
- desired_oids[1] = *GSS_C_MA_AUTH_TARG;
- desired_oids[2] = *GSS_C_MA_CBINDINGS;
+ desired_oids[1] = *GSS_C_MA_CBINDINGS;
desired_attrs.count = sizeof(desired_oids)/sizeof(desired_oids[0]);
desired_attrs.elements = desired_oids;
&text->client_name);
if (GSS_ERROR(maj_stat))
goto cleanup;
+
+ /* The authid may have changed after prompting, so free any creds */
+ gss_release_cred(&min_stat, &text->client_creds);
}
}
NULL,
NULL,
NULL);
- if (GSS_ERROR(maj_stat))
- goto cleanup;
+ if (GSS_ERROR(maj_stat)) {
+ /* Maybe there was no default credential */
+ auth_result = SASL_INTERACT;
+ goto interact;
+ }
maj_stat = gss_display_name(&min_stat,
text->client_name,
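Review bot: The new branch turns every GSS failure from the call ending just above into SASL_INTERACT, so expired credentials, an unsupported mechanism or a library fault are all reported to the application as a request for more input, and maj_stat/min_stat are dropped without reaching `sasl_gs2_seterror`. I would limit the prompt path to the missing-credential case, `if (GSS_ROUTINE_ERROR(maj_stat) == GSS_S_NO_CRED) { auth_result = SASL_INTERACT; goto interact; }`, followed by `if (GSS_ERROR(maj_stat)) goto cleanup;` for everything else. maj_stat also still holds the error value when control lands on `interact:`, which should be checked against whatever the code after the label does with it; that code is outside this hunk.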
maj_stat = GSS_S_COMPLETE;
+interact:
+
/* free prompts we got */
if (prompt_need && *prompt_need) {
params->utils->free(*prompt_need);