From 91a545bd35ff83b461c1294063dff27c48f9e174 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Mar 04 2017 00:19:56 +0000
Subject: Do not re-export unchanged creds


This avoids a needless re-encryption operation and also insures the
client receives back the exact same input; this way the client can
detect if credentials have changed.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>

---

diff --git a/src/gp_rpc_acquire_cred.c b/src/gp_rpc_acquire_cred.c
index 7f40c64..9a55937 100644
--- a/src/gp_rpc_acquire_cred.c
+++ b/src/gp_rpc_acquire_cred.c
@@ -137,10 +137,16 @@ int gp_acquire_cred(struct gp_call_ctx *gpcall,
         ret_min = ENOMEM;
         goto done;
     }
-    ret_maj = gp_export_gssx_cred(&ret_min, gpcall,
-                                  &out_cred, acr->output_cred_handle);
-    if (ret_maj) {
-        goto done;
+
+    if (out_cred == in_cred) {
+        acr->output_cred_handle = aca->input_cred_handle;
+        aca->input_cred_handle = NULL;
+    } else {
+        ret_maj = gp_export_gssx_cred(&ret_min, gpcall,
+                                      &out_cred, acr->output_cred_handle);
+        if (ret_maj) {
+            goto done;
+        }
     }
 
 done: