From 05c7a774bfb33da2514677cbabd804ebd409a0ec Mon Sep 17 00:00:00 2001
From: Luke Howard <lukeh@padl.com>
Date: Fri, 23 Sep 2011 12:58:18 +1000
Subject: [PATCH] retry cred acquisition with named cred

---
 plugins/gs2.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/plugins/gs2.c b/plugins/gs2.c
index 025f7fc..9e29fe1 100644
--- a/plugins/gs2.c
+++ b/plugins/gs2.c
@@ -1560,6 +1560,9 @@ gs2_get_init_creds(context_t *text,
                                        &text->client_name);
             if (GSS_ERROR(maj_stat))
                 goto cleanup;
+
+            /* The authid may have changed after prompting, so free any creds */
+            gss_release_cred(&min_stat, &text->client_creds);
         }
     }
 
@@ -1589,8 +1592,11 @@ gs2_get_init_creds(context_t *text,
                                     NULL,
                                     NULL,
                                     NULL);
-        if (GSS_ERROR(maj_stat))
-            goto cleanup;
+        if (GSS_ERROR(maj_stat)) {
+            /* Maybe there was no default credential */
+            auth_result = SASL_INTERACT;
+            goto interact;
+        }
 
         maj_stat = gss_display_name(&min_stat,
                                     text->client_name,
@@ -1671,6 +1677,8 @@ gs2_get_init_creds(context_t *text,
 
     maj_stat = GSS_S_COMPLETE;
 
+interact:
+
     /* free prompts we got */
     if (prompt_need && *prompt_need) {
         params->utils->free(*prompt_need);
-- 
2.1.4