Don't fail if password supplied by caller

If the libmoonshot or static (file-based) identity resolver fails, and
the caller provided a password via gss_acquire_cred_with_password(), then
resolving the credential should not fail.

diff --git a/mech_eap/util_cred.c b/mech_eap/util_cred.c
index 444a1d7..8c954c2 100644 (file)
--- a/mech_eap/util_cred.c
+++ b/mech_eap/util_cred.c
@@ -728,9 +728,10 @@ gssEapResolveInitiatorCred(OM_uint32 *minor,
         if (major == GSS_S_CRED_UNAVAIL)
 #endif
             major = staticIdentityFileResolveInitiatorCred(minor, resolvedCred);
-        if (GSS_ERROR(major))
+        if (GSS_ERROR(major) && major != GSS_S_CRED_UNAVAIL)
             goto cleanup;
 
+        /* If we have a caller-supplied password, the credential is resolved. */
         if ((resolvedCred->flags & CRED_FLAG_PASSWORD) == 0) {
             major = GSS_S_CRED_UNAVAIL;
             *minor = GSSEAP_NO_DEFAULT_CRED;