krb5_sspi: Only generate the output token when its not allocated

Prior to this change, we were generating the output token when the
credentials were NULL rather than when the output token was NULL.

This also brings this part of the Kerberos 5 code in line with the
Negotiate code.

diff --git a/lib/vauth/krb5_sspi.c b/lib/vauth/krb5_sspi.c
index da08f8f0356a82c5ed72991d97860a08ca503039..4ad5f3ac06f9534fa114ef7a0414f31e9ccb2a5b 100644 (file)
--- a/lib/vauth/krb5_sspi.c
+++ b/lib/vauth/krb5_sspi.c
@@ -92,7 +92,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data,
       return CURLE_OUT_OF_MEMORY;
   }
 
-  if(!krb5->credentials) {
+  if(!krb5->output_token) {
     /* Query the security package for Kerberos */
     status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *)
                                                 TEXT(SP_NAME_KERBEROS),
@@ -110,7 +110,9 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data,
     krb5->output_token = malloc(krb5->token_max);
     if(!krb5->output_token)
       return CURLE_OUT_OF_MEMORY;
+  }
 
+  if(!krb5->credentials) {
     if(userp && *userp) {
       /* Populate our identity structure */
       result = Curl_create_sspi_identity(userp, passwdp, &krb5->identity);