From 927e502c29b88c14adcff94b1622a6d023c55e5d Mon Sep 17 00:00:00 2001
From: Luke Howard <lukeh@padl.com>
Date: Tue, 15 Mar 2011 17:12:14 +1100
Subject: [PATCH] Ensure credentials are initialized before calling initBegin()

---
 mech_eap/init_sec_context.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/mech_eap/init_sec_context.c b/mech_eap/init_sec_context.c
index 951ea2b..a7d17b5 100644
--- a/mech_eap/init_sec_context.c
+++ b/mech_eap/init_sec_context.c
@@ -898,6 +898,7 @@ gss_init_sec_context(OM_uint32 *minor,
 {
     OM_uint32 major, tmpMinor;
     gss_ctx_id_t ctx = *context_handle;
+    int initialContextToken = 0;
 
     *minor = 0;
 
@@ -915,13 +916,7 @@ gss_init_sec_context(OM_uint32 *minor,
             return major;
 
         ctx->flags |= CTX_FLAG_INITIATOR;
-
-        major = initBegin(minor, cred, ctx, target_name, mech_type,
-                          req_flags, time_req, input_chan_bindings);
-        if (GSS_ERROR(major)) {
-            gssEapReleaseContext(minor, &ctx);
-            return major;
-        }
+        initialContextToken = 1;
 
         *context_handle = ctx;
     }
@@ -948,13 +943,21 @@ gss_init_sec_context(OM_uint32 *minor,
 
     GSSEAP_MUTEX_LOCK(&cred->mutex);
 
-
     if ((cred->flags & CRED_FLAG_INITIATE) == 0) {
         major = GSS_S_NO_CRED;
         *minor = GSSEAP_CRED_USAGE_MISMATCH;
         goto cleanup;
     }
 
+    if (initialContextToken) {
+        major = initBegin(minor, cred, ctx, target_name, mech_type,
+                          req_flags, time_req, input_chan_bindings);
+        if (GSS_ERROR(major)) {
+            gssEapReleaseContext(minor, &ctx);
+            return major;
+        }
+    }
+
     major = gssEapSmStep(minor,
                          cred,
                          ctx,
-- 
2.1.4