From 78f092a567dfdbdf63d295e9a9cf48aaaace380b Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 29 Mar 2015 17:42:08 -0400 Subject: Fix handling of context initialization If a previous call has decided to use only local (to the process) credentials, then we need to override all the way to the end. A previous patch also swapped the order in which credential handler and context handler are initialized, make sure also to swap the fallback checks. Set the behavior to the process default only if it wasn't forced to local. Signed-off-by: Simo Sorce --- proxy/src/mechglue/gpp_init_sec_context.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/proxy/src/mechglue/gpp_init_sec_context.c b/proxy/src/mechglue/gpp_init_sec_context.c index c80937c..64429d8 100644 --- a/proxy/src/mechglue/gpp_init_sec_context.c +++ b/proxy/src/mechglue/gpp_init_sec_context.c @@ -110,10 +110,6 @@ OM_uint32 gssi_init_sec_context(OM_uint32 *minor_status, /* ok this means a previous call decided to use the local mech, * so let's just re-enter the mechglue here and keep at it */ behavior = GPP_LOCAL_ONLY; - } else if (behavior == GPP_LOCAL_ONLY) { - maj = GSS_S_DEFECTIVE_CREDENTIAL; - min = 0; - goto done; } } else { ctx_handle = calloc(1, sizeof(struct gpp_context_handle)); @@ -131,6 +127,10 @@ OM_uint32 gssi_init_sec_context(OM_uint32 *minor_status, * local mech, so let's just re-enter the mechglue here, as we * have no way to export creds yet. */ behavior = GPP_LOCAL_ONLY; + } else if (behavior == GPP_LOCAL_ONLY) { + maj = GSS_S_DEFECTIVE_CREDENTIAL; + min = 0; + goto done; } } else { cred_handle = calloc(1, sizeof(struct gpp_cred_handle)); @@ -142,7 +142,9 @@ OM_uint32 gssi_init_sec_context(OM_uint32 *minor_status, } name = (struct gpp_name_handle *)target_name; - behavior = gpp_get_behavior(); + if (behavior == GPP_UNINITIALIZED) { + behavior = gpp_get_behavior(); + } /* See if we should try local first */ if (behavior == GPP_LOCAL_ONLY || behavior == GPP_LOCAL_FIRST) { -- cgit