diff options
| author | Simo Sorce <simo@redhat.com> | 2015-03-29 17:42:08 -0400 |
|---|---|---|
| committer | Simo Sorce <simo@redhat.com> | 2015-03-30 09:16:37 -0400 |
| commit | f2b4591c2673fc72a809d89e9b2d1b90e4710af0 (patch) | |
| tree | 9fce6156c65c32aab6f974775db91a17e44cdc83 | |
| parent | 00c6b95f7f10bd0b1897f8384d7ff985a9633c81 (diff) | |
| download | gss-proxy-f2b4591c2673fc72a809d89e9b2d1b90e4710af0.tar.gz gss-proxy-f2b4591c2673fc72a809d89e9b2d1b90e4710af0.tar.xz gss-proxy-f2b4591c2673fc72a809d89e9b2d1b90e4710af0.zip | |
Fix handling of context initialization
If a previous call has decided to use only local (to the process)
credentials, then we need to override all the way to the end.
A previous patch also swapped the order in which credential handler
and context handler are initialized, make sure also to swap the
fallback checks.
Set the behavior to the process default only if it wasn't forced to
local.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Lukas Slebodnik <lslebodn@redhat.com>
| -rw-r--r-- | proxy/src/mechglue/gpp_init_sec_context.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/proxy/src/mechglue/gpp_init_sec_context.c b/proxy/src/mechglue/gpp_init_sec_context.c index c80937c..64429d8 100644 --- a/proxy/src/mechglue/gpp_init_sec_context.c +++ b/proxy/src/mechglue/gpp_init_sec_context.c @@ -110,10 +110,6 @@ OM_uint32 gssi_init_sec_context(OM_uint32 *minor_status, /* ok this means a previous call decided to use the local mech, * so let's just re-enter the mechglue here and keep at it */ behavior = GPP_LOCAL_ONLY; - } else if (behavior == GPP_LOCAL_ONLY) { - maj = GSS_S_DEFECTIVE_CREDENTIAL; - min = 0; - goto done; } } else { ctx_handle = calloc(1, sizeof(struct gpp_context_handle)); @@ -131,6 +127,10 @@ OM_uint32 gssi_init_sec_context(OM_uint32 *minor_status, * local mech, so let's just re-enter the mechglue here, as we * have no way to export creds yet. */ behavior = GPP_LOCAL_ONLY; + } else if (behavior == GPP_LOCAL_ONLY) { + maj = GSS_S_DEFECTIVE_CREDENTIAL; + min = 0; + goto done; } } else { cred_handle = calloc(1, sizeof(struct gpp_cred_handle)); @@ -142,7 +142,9 @@ OM_uint32 gssi_init_sec_context(OM_uint32 *minor_status, } name = (struct gpp_name_handle *)target_name; - behavior = gpp_get_behavior(); + if (behavior == GPP_UNINITIALIZED) { + behavior = gpp_get_behavior(); + } /* See if we should try local first */ if (behavior == GPP_LOCAL_ONLY || behavior == GPP_LOCAL_FIRST) { |