From 736cd3ee5f2c877c9691d1754c56624ba3a1af97 Mon Sep 17 00:00:00 2001
From: Luke Howard <lukeh@padl.com>
Date: Sat, 19 Mar 2011 00:20:42 +1100
Subject: [PATCH] fix regression where stored creds would be required

---
 gsseap_err.et |  3 ++-
 util_cred.c   | 23 +++++++++++++++--------
 2 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/gsseap_err.et b/gsseap_err.et
index 5aef703..5dfa3d4 100644
--- a/gsseap_err.et
+++ b/gsseap_err.et
@@ -78,7 +78,8 @@ error_code GSSEAP_BAD_USAGE,                    "Credential usage type is unknow
 error_code GSSEAP_CRED_USAGE_MISMATCH,          "Credential usage does not match requested usage"
 error_code GSSEAP_CRED_MECH_MISMATCH,           "Credential is not usable with this mechanism"
 error_code GSSEAP_BAD_CRED_OPTION,              "Bad credential option"
-error_code GSSEAP_NO_DEFAULT_CRED,              "Default credentials unavailable"
+error_code GSSEAP_NO_DEFAULT_IDENTITY,          "Default credentials identity unavailable"
+error_code GSSEAP_NO_DEFAULT_CRED,              "Missing default password or other credentials"
 
 #
 # Wrap/unwrap/PRF errors
diff --git a/util_cred.c b/util_cred.c
index 8c4ce55..81c75cd 100644
--- a/util_cred.c
+++ b/util_cred.c
@@ -141,8 +141,8 @@ readDefaultIdentityAndCreds(OM_uint32 *minor,
 
     fp = fopen(ccacheName, "r");
     if (fp == NULL) {
-        *minor = GSSEAP_NO_DEFAULT_CRED;
         major = GSS_S_CRED_UNAVAIL;
+        *minor = GSSEAP_NO_DEFAULT_CRED;
         goto cleanup;
     }
 
@@ -245,12 +245,12 @@ gssEapAcquireCred(OM_uint32 *minor,
 
     if (cred->flags & CRED_FLAG_INITIATE) {
         major = readDefaultIdentityAndCreds(minor, &defaultIdentity, &defaultCreds);
-        if (GSS_ERROR(major))
-            goto cleanup;
-
-        major = gssEapImportName(minor, &defaultIdentity, GSS_C_NT_USER_NAME,
-                                 nameMech, &defaultIdentityName);
-        if (GSS_ERROR(major))
+        if (major == GSS_S_COMPLETE) {
+            major = gssEapImportName(minor, &defaultIdentity, GSS_C_NT_USER_NAME,
+                                     nameMech, &defaultIdentityName);
+            if (GSS_ERROR(major))
+                goto cleanup;
+        } else if (major != GSS_S_CRED_UNAVAIL)
             goto cleanup;
     }
 
@@ -296,6 +296,12 @@ gssEapAcquireCred(OM_uint32 *minor,
             if (GSS_ERROR(major))
                 goto cleanup;
         } else if (cred->flags & CRED_FLAG_INITIATE) {
+            if (defaultIdentityName == GSS_C_NO_NAME) {
+                major = GSS_S_CRED_UNAVAIL;
+                *minor = GSSEAP_NO_DEFAULT_IDENTITY;
+                goto cleanup;
+            }
+
             cred->name = defaultIdentityName;
             defaultIdentityName = GSS_C_NO_NAME;
         }
@@ -310,7 +316,8 @@ gssEapAcquireCred(OM_uint32 *minor,
             goto cleanup;
 
         cred->flags |= CRED_FLAG_PASSWORD;
-    } else if (defaultCreds.value != NULL) {
+    } else if (defaultCreds.value != NULL &&
+        (cred->flags & CRED_FLAG_DEFAULT_IDENTITY)) {
         cred->password = defaultCreds;
 
         defaultCreds.length = 0;
-- 
2.1.4