From: Luke Howard <lukeh@padl.com>
Date: Fri, 23 Sep 2011 02:58:18 +0000 (+1000)
Subject: retry cred acquisition with named cred
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=cyrus-sasl.git;a=commitdiff_plain;h=05c7a774bfb33da2514677cbabd804ebd409a0ec

retry cred acquisition with named cred
---

diff --git a/plugins/gs2.c b/plugins/gs2.c
index 025f7fc..9e29fe1 100644
--- a/plugins/gs2.c
+++ b/plugins/gs2.c
@@ -1560,6 +1560,9 @@ gs2_get_init_creds(context_t *text,
                                        &text->client_name);
             if (GSS_ERROR(maj_stat))
                 goto cleanup;
+
+            /* The authid may have changed after prompting, so free any creds */
+            gss_release_cred(&min_stat, &text->client_creds);
         }
     }
 
@@ -1589,8 +1592,11 @@ gs2_get_init_creds(context_t *text,
                                     NULL,
                                     NULL,
                                     NULL);
-        if (GSS_ERROR(maj_stat))
-            goto cleanup;
+        if (GSS_ERROR(maj_stat)) {
+            /* Maybe there was no default credential */
+            auth_result = SASL_INTERACT;
+            goto interact;
+        }
 
         maj_stat = gss_display_name(&min_stat,
                                     text->client_name,
@@ -1671,6 +1677,8 @@ gs2_get_init_creds(context_t *text,
 
     maj_stat = GSS_S_COMPLETE;
 
+interact:
+
     /* free prompts we got */
     if (prompt_need && *prompt_need) {
         params->utils->free(*prompt_need);