From c00799be185fba3ed1941f92c8a5624395a97439 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Wed, 15 Nov 2006 10:18:55 +0000
Subject: [PATCH] Keep track of the opportunistic token in the inital message,
 it might be a complete gss-api context, in that case we'll get back
 accept_completed without any token. With this change, krb5 w/o mutual
 authentication works.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19043 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/gssapi/spnego/init_sec_context.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/gssapi/spnego/init_sec_context.c b/lib/gssapi/spnego/init_sec_context.c
index 93f3a18cd..61a2902a7 100644
--- a/lib/gssapi/spnego/init_sec_context.c
+++ b/lib/gssapi/spnego/init_sec_context.c
@@ -228,6 +228,8 @@ spnego_initial
 	_gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
 	return sub;
     }
+    if (sub == GSS_S_COMPLETE)
+	ctx->maybe_open = 1;
 
     if (mech_token.length != 0) {
 	ALLOC(ni.mechToken, 1);
@@ -439,6 +441,9 @@ spnego_reply
 	if (ret == GSS_S_COMPLETE) {
 	    ctx->open = 1;
 	}
+    } else if (*(resp.negResult) == accept_completed) {
+	if (ctx->maybe_open)
+	    ctx->open = 1;
     }
 
     if (*(resp.negResult) == request_mic) {