From: Luke Howard <lukeh@padl.com>
Date: Fri, 7 Oct 2011 14:39:32 +0000 (+1100)
Subject: Don't fail if password supplied by caller
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.orig;a=commitdiff_plain;h=25770a55e806a6ec1767f281fcb4245516435fdc

Don't fail if password supplied by caller

If the libmoonshot or static (file-based) identity resolver fails, and
the caller provided a password via gss_acquire_cred_with_password(), then
resolving the credential should not fail.
---

diff --git a/mech_eap/util_cred.c b/mech_eap/util_cred.c
index 444a1d7..8c954c2 100644
--- a/mech_eap/util_cred.c
+++ b/mech_eap/util_cred.c
@@ -728,9 +728,10 @@ gssEapResolveInitiatorCred(OM_uint32 *minor,
         if (major == GSS_S_CRED_UNAVAIL)
 #endif
             major = staticIdentityFileResolveInitiatorCred(minor, resolvedCred);
-        if (GSS_ERROR(major))
+        if (GSS_ERROR(major) && major != GSS_S_CRED_UNAVAIL)
             goto cleanup;
 
+        /* If we have a caller-supplied password, the credential is resolved. */
         if ((resolvedCred->flags & CRED_FLAG_PASSWORD) == 0) {
             major = GSS_S_CRED_UNAVAIL;
             *minor = GSSEAP_NO_DEFAULT_CRED;