- /* If credentials were provided, check they're usable with this mech */
- if (cred != GSS_C_NO_CREDENTIAL &&
- !gssEapCredAvailable(cred, ctx->mechanismUsed)) {
- major = GSS_S_BAD_MECH;
- goto cleanup;
+ /* Validate and lock credentials */
+ if (cred != GSS_C_NO_CREDENTIAL) {
+ if ((cred->flags & CRED_FLAG_ACCEPT) == 0) {
+ major = GSS_S_NO_CRED;
+ goto cleanup;
+ } else if (!gssEapCredAvailable(cred, ctx->mechanismUsed)) {
+ major = GSS_S_BAD_MECH;
+ goto cleanup;
+ }
+
+ GSSEAP_MUTEX_LOCK(&cred->mutex);