From c5d80e916e087b584f8890c383fe699ec17a97ad Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Thu, 23 Feb 2017 13:56:34 -0500
Subject: [PATCH] Always check if we have a remote credential
Even if we are not given an explicit ccache, check if the ccache we are going to use for operations on the client side has a stored remote credential. If one is found use it.
Signed-off-by: Simo Sorce
Reviewed-by: Robbie Harwood
PR: #51
(cherry picked from commit ba27dee8a32750493664e720f751db2ff652d9a0)
---
 proxy/src/mechglue/gpp_acquire_cred.c | 43 +++++++++++++++++------------------
 1 file changed, 21 insertions(+), 22 deletions(-)
diff --git a/proxy/src/mechglue/gpp_acquire_cred.c b/proxy/src/mechglue/gpp_acquire_cred.c
index 1444728..277e61a 100644
--- a/proxy/src/mechglue/gpp_acquire_cred.c
+++ b/proxy/src/mechglue/gpp_acquire_cred.c
@@ -88,6 +88,7 @@ OM_uint32 gssi_acquire_cred_from(OM_uint32 *minor_status,
 struct gpp_name_handle *name;
 struct gpp_cred_handle *out_cred_handle = NULL;
 struct gssx_cred *in_cred_remote = NULL;
+ const char *ccache_name = NULL;
 OM_uint32 maj, min;
 OM_uint32 tmaj, tmin;
@@ -111,29 +112,27 @@ OM_uint32 gssi_acquire_cred_from(OM_uint32 *minor_status,
 name = (struct gpp_name_handle *)desired_name;
 behavior = gpp_get_behavior();
- /* if a cred_store option is passed in, check if it references
- * valid credentials, if so switch behavior appropriately */
- if (cred_store) {
- for (unsigned i = 0; i < cred_store->count; i++) {
- if (strcmp(cred_store->elements[i].key, "ccache") == 0) {
- gssx_cred remote = {0};
- maj = gppint_retrieve_remote_creds(&min,
- cred_store->elements[i].value, NULL, &remote);
- if (maj == GSS_S_COMPLETE) {
- in_cred_remote = malloc(sizeof(gssx_cred));
- if (!in_cred_remote) {
- maj = GSS_S_FAILURE;
- min = ENOMEM;
- goto done;
- }
- *in_cred_remote = remote;
- break;
- }
- }
+ /* Always check if we have remote creds stored in the local ccache */
+ for (unsigned i = 0; cred_store && i < cred_store->count; i++) {
+ if (strcmp(cred_store->elements[i].key, "ccache") == 0) {
+ ccache_name = cred_store->elements[i].value;
+ break;
 }
- if (in_cred_remote) {
- behavior = GPP_REMOTE_ONLY;
- } else {
+ }
+
+ in_cred_remote = calloc(1, sizeof(gssx_cred));
+ if (!in_cred_remote) {
+ maj = GSS_S_FAILURE;
+ min = ENOMEM;
+ goto done;
+ }
+ maj = gppint_retrieve_remote_creds(&min, ccache_name, NULL,
+ in_cred_remote);
+ if (maj == GSS_S_COMPLETE) {
+ behavior = GPP_REMOTE_ONLY;
+ } else {
+ safefree(in_cred_remote);
+ if (ccache_name) {
 behavior = GPP_LOCAL_ONLY;
 }
 }
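Review bot: `ccache_name` is still NULL when `cred_store` is absent or carries no `ccache` key, and it is now passed unconditionally to `gppint_retrieve_remote_creds()`; that helper is not visible here, so its NULL handling (presumably a fall-back to the default ccache) should be confirmed and stated at the call, e.g. `/* NULL ccache_name selects the default ccache; a remote cred found there forces GPP_REMOTE_ONLY */`. Because the default ccache is normally chosen from the process environment, this lookup lets a cache the caller never named override the value returned by `gpp_get_behavior()`, which deserves a sentence in the same comment. In the `else` branch every failure is treated as "no remote credential", the returned `maj`/`min` are not inspected, and `safefree(in_cred_remote)` releases only the outer struct, so if the helper can fail after partly filling the `gssx_cred` its nested members would leak; the helper's failure contract decides whether that is a real problem. The body of `gssi_acquire_cred_from` starts and ends outside this hunk.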