diff options
| author | Simo Sorce <simo@redhat.com> | 2013-10-15 15:45:59 -0400 |
|---|---|---|
| committer | Günther Deschner <gdeschner@redhat.com> | 2013-10-18 14:34:46 +0200 |
| commit | aaad6e85e8a1e25da3005b1593834a8269114171 (patch) | |
| tree | d171fe7833d20a4a4b6e7fef2f1ec62effbd49f1 | |
| parent | 39ea56ce5d2cdfe08ed137c5262a709bbb08f151 (diff) | |
| download | gss-proxy-aaad6e85e8a1e25da3005b1593834a8269114171.tar.gz gss-proxy-aaad6e85e8a1e25da3005b1593834a8269114171.tar.xz gss-proxy-aaad6e85e8a1e25da3005b1593834a8269114171.zip | |
Fix LOCAL_FIRST behavior
We were erroneously returning and never falling back if LOCAL_FIRST was
selected. Correct also the remote first fallback flow.
Resolves: https://fedorahosted.org/gss-proxy/ticket/105
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
| -rw-r--r-- | proxy/src/mechglue/gpp_acquire_cred.c | 39 |
1 files changed, 19 insertions, 20 deletions
diff --git a/proxy/src/mechglue/gpp_acquire_cred.c b/proxy/src/mechglue/gpp_acquire_cred.c index a3290dd..fb80677 100644 --- a/proxy/src/mechglue/gpp_acquire_cred.c +++ b/proxy/src/mechglue/gpp_acquire_cred.c @@ -109,7 +109,7 @@ OM_uint32 gssi_acquire_cred(OM_uint32 *minor_status, maj = acquire_local(&min, name, time_req, desired_mechs, cred_usage, out_cred_handle, actual_mechs, time_rec); - if (maj != GSS_S_NO_CRED || behavior != GPP_LOCAL_FIRST) { + if (maj == GSS_S_COMPLETE || behavior == GPP_LOCAL_ONLY) { goto done; } @@ -119,31 +119,30 @@ OM_uint32 gssi_acquire_cred(OM_uint32 *minor_status, } /* Then try with remote */ - if (behavior == GPP_REMOTE_ONLY || behavior == GPP_REMOTE_FIRST) { - - if (name && name->local && !name->remote) { - maj = gpp_local_to_name(&min, name->local, &name->remote); - if (maj) { - goto done; - } - } - - maj = gpm_acquire_cred(&min, - name ? name->remote : NULL, - time_req, - desired_mechs, - cred_usage, - &out_cred_handle->remote, - actual_mechs, - time_rec); - if (maj == GSS_S_COMPLETE || behavior == GPP_REMOTE_ONLY) { + if (name && name->local && !name->remote) { + maj = gpp_local_to_name(&min, name->local, &name->remote); + if (maj) { goto done; } + } + maj = gpm_acquire_cred(&min, + name ? name->remote : NULL, + time_req, + desired_mechs, + cred_usage, + &out_cred_handle->remote, + actual_mechs, + time_rec); + if (maj == GSS_S_COMPLETE || behavior == GPP_REMOTE_ONLY) { + goto done; + } + + if (behavior == GPP_REMOTE_FIRST) { /* So remote failed, but we can fallback to local, try that */ maj = acquire_local(&min, name, time_req, desired_mechs, cred_usage, out_cred_handle, actual_mechs, time_rec); - } + } done: if (maj != GSS_S_COMPLETE && |