gssproxy/0001-Fix-LOCAL_FIRST-behavior.patch

From b73a9a18cb2df0b39c30d3e03c66d2f24ec3f57d Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Tue, 15 Oct 2013 15:45:59 -0400
Subject: [PATCH 1/2] Fix LOCAL_FIRST behavior

We were erroneously returning and never falling back if LOCAL_FIRST was
selected. Correct also the remote first fallback flow.

Resolves: https://fedorahosted.org/gss-proxy/ticket/105
---
 proxy/src/mechglue/gpp_acquire_cred.c | 39 +++++++++++++++++------------------
 1 file changed, 19 insertions(+), 20 deletions(-)

diff --git a/proxy/src/mechglue/gpp_acquire_cred.c b/proxy/src/mechglue/gpp_acquire_cred.c
index a3290dd72ae2d97eaa05f250a4d2dd96824abebf..fb80677eed4680470e21b820633e87b94f36d6cc 100644
--- a/proxy/src/mechglue/gpp_acquire_cred.c
+++ b/proxy/src/mechglue/gpp_acquire_cred.c
@@ -109,7 +109,7 @@ OM_uint32 gssi_acquire_cred(OM_uint32 *minor_status,
         maj = acquire_local(&min, name, time_req, desired_mechs, cred_usage,
                             out_cred_handle, actual_mechs, time_rec);
 
-        if (maj != GSS_S_NO_CRED || behavior != GPP_LOCAL_FIRST) {
+        if (maj == GSS_S_COMPLETE || behavior == GPP_LOCAL_ONLY) {
             goto done;
         }
 
@@ -119,31 +119,30 @@ OM_uint32 gssi_acquire_cred(OM_uint32 *minor_status,
     }
 
     /* Then try with remote */
-    if (behavior == GPP_REMOTE_ONLY || behavior == GPP_REMOTE_FIRST) {
-
-        if (name && name->local && !name->remote) {
-            maj = gpp_local_to_name(&min, name->local, &name->remote);
-            if (maj) {
-                goto done;
-            }
-        }
-
-        maj = gpm_acquire_cred(&min,
-                               name ? name->remote : NULL,
-                               time_req,
-                               desired_mechs,
-                               cred_usage,
-                               &out_cred_handle->remote,
-                               actual_mechs,
-                               time_rec);
-        if (maj == GSS_S_COMPLETE || behavior == GPP_REMOTE_ONLY) {
+    if (name && name->local && !name->remote) {
+        maj = gpp_local_to_name(&min, name->local, &name->remote);
+        if (maj) {
             goto done;
         }
+    }
 
+    maj = gpm_acquire_cred(&min,
+                           name ? name->remote : NULL,
+                           time_req,
+                           desired_mechs,
+                           cred_usage,
+                           &out_cred_handle->remote,
+                           actual_mechs,
+                           time_rec);
+    if (maj == GSS_S_COMPLETE || behavior == GPP_REMOTE_ONLY) {
+        goto done;
+    }
+
+    if (behavior == GPP_REMOTE_FIRST) {
         /* So remote failed, but we can fallback to local, try that */
         maj = acquire_local(&min, name, time_req, desired_mechs, cred_usage,
                             out_cred_handle, actual_mechs, time_rec);
-   }
+    }
 
 done:
     if (maj != GSS_S_COMPLETE &&
-- 
1.8.3.1