goakerberosidentity: Ensure old_verification_level is initialized

verify_identity has a short-circuit at the top of the file if the
active credentials cache is already known. In that case it bypasses
the search for a credentials cache. Unfortunately it also inadvertently
bypasses initialization of old_verification_level, leading to the
code thinking the identity is always going unexpired.

This commit fixes that.

1 files changed, 4 insertions, 4 deletions

diff --git a/src/goaidentity/goakerberosidentity.c b/src/goaidentity/goakerberosidentity.c
index 0eb0a9c..e4f09e1 100644
--- a/src/goaidentity/goakerberosidentity.c
+++ b/src/goaidentity/goakerberosidentity.c
@@ -886,6 +886,10 @@ verify_identity (GoaKerberosIdentity  *self,
   VerificationLevel best_verification_level = VERIFICATION_LEVEL_UNVERIFIED;
   GHashTableIter iter;
 
+  G_LOCK (identity_lock);
+  old_verification_level = self->cached_verification_level;
+  G_UNLOCK (identity_lock);
+
   if (self->active_credentials_cache_name != NULL)
     {
       G_LOCK (identity_lock);
@@ -924,10 +928,6 @@ verify_identity (GoaKerberosIdentity  *self,
   }
 
   G_LOCK (identity_lock);
-  old_verification_level = self->cached_verification_level;
-  G_UNLOCK (identity_lock);
-
-  G_LOCK (identity_lock);
   g_hash_table_iter_init (&iter, self->credentials_caches);
   while (g_hash_table_iter_next (&iter, (gpointer *) &name, (gpointer*) &credentials_cache))
     {