From b5dc39496272cbccdd45152f349362c2b779c326 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Thu, 13 May 2010 07:59:41 +1000
Subject: s4:gensec expose gensec_set_target_principal for use outside GENSEC
This allows for the rare case where the caller knows the target principal. The check for lp_client_use_spnego_principal() is moved to the spengo code to make this work. Andrew Bartlett
---
 source4/auth/gensec/gensec.c | 2 +-
 source4/auth/gensec/gensec.h | 2 ++
 source4/auth/gensec/gensec_krb5.c | 2 +-
 source4/auth/gensec/spnego.c | 5 ++++-
 4 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index b532c1502d..c19d5ff5d5 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -1302,7 +1302,7 @@ _PUBLIC_ const struct tsocket_address *gensec_get_remote_address(struct gensec_s
 * */
-NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal)
+_PUBLIC_ NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal)
 {
 gensec_security->target.principal = talloc_strdup(gensec_security, principal);
 if (!gensec_security->target.principal) {
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index 47adf039c0..45e24f194f 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -311,4 +311,6 @@ NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security,
 int gensec_setting_int(struct gensec_settings *settings, const char *mechanism, const char *name, int default_value);
 bool gensec_setting_bool(struct gensec_settings *settings, const char *mechanism, const char *name, bool default_value);
+NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal);
+
 #endif /* __GENSEC_H__ */
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index c2f96d7b7f..d051b7f227 100644
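Review bot: Now that `gensec_set_target_principal()` is exported, the visible body has to cope with callers outside GENSEC: a NULL `principal` is handed straight to `talloc_strdup()`, which returns NULL for a NULL input, so a caller error is presumably reported the same way as the allocation failure tested by the following `if`. Each call also overwrites `target.principal` without releasing the previous copy, so repeated calls accumulate strings on the `gensec_security` context until it is freed. I would reject NULL up front with `if (principal == NULL) return NT_STATUS_INVALID_PARAMETER;` and release the old value once the new copy has succeeded. The function body continues past the end of the hunk, so the failure branch itself is not visible here.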
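Review bot: The prototype added to gensec.h has no comment, although its argument now decides which service principal the Kerberos client requests a ticket for, with no configuration check behind it (the gensec_krb5.c hunk drops the `lp_client_use_spnego_principal()` test). A comment above the declaration should state that `principal` must come from the caller's own trusted configuration and never from a name received from the peer, and that the string is copied. Something like `/* principal: caller-trusted service principal, copied onto gensec_security; do not pass peer-supplied names */` would be enough.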
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -299,7 +299,7 @@ static NTSTATUS gensec_krb5_common_client_start(struct gensec_security *gensec_s
 }
 in_data.length = 0;
- if (principal && lp_client_use_spnego_principal(gensec_security->settings->lp_ctx)) {
+ if (principal) {
 krb5_principal target_principal;
 ret = krb5_parse_name(gensec_krb5_state->smb_krb5_context->krb5_context, principal, &target_principal);
diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c
index a715085d06..bbcba8dc5f 100644
--- a/source4/auth/gensec/spnego.c
+++ b/source4/auth/gensec/spnego.c
@@ -28,6 +28,7 @@
 #include "auth/credentials/credentials.h"
 #include "auth/gensec/gensec.h"
 #include "auth/gensec/gensec_proto.h"
+#include "param/param.h"
 enum spnego_state_position {
 SPNEGO_SERVER_START,
@@ -826,7 +827,9 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
 if (spnego.negTokenInit.targetPrincipal) {
 DEBUG(5, ("Server claims it's principal name is %s\n", spnego.negTokenInit.targetPrincipal));
- gensec_set_target_principal(gensec_security, spnego.negTokenInit.targetPrincipal);
+ if (lp_client_use_spnego_principal(gensec_security->settings->lp_ctx)) {
+ gensec_set_target_principal(gensec_security, spnego.negTokenInit.targetPrincipal);
+ }
 }
 nt_status = gensec_spnego_parse_negTokenInit(gensec_security,
-- cgit
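Review bot: With the option test removed, `if (principal)` in gensec_krb5_common_client_start() trusts every writer of `target.principal`, so the protection against a server-chosen principal now rests entirely on the single check added in spnego.c. A short comment at this branch would keep that invariant visible, for example `/* target principal is caller-supplied, or was accepted in spnego.c under lp_client_use_spnego_principal() */`. It is also worth confirming that any other mechanism that consumes the target principal (none is part of this patch) applies the same rule, so that the setting behaves the same across mechanisms. The function starts and ends outside the hunk.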
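Review bot: The status returned by `gensec_set_target_principal()` is still discarded inside the new `if` block in gensec_spnego_update(), so an allocation failure there is silently dropped and negotiation continues without the principal the configuration opted in to. Since `nt_status` is already assigned a few lines below, the call could become `nt_status = gensec_set_target_principal(gensec_security, spnego.negTokenInit.targetPrincipal);` followed by `if (!NT_STATUS_IS_OK(nt_status)) return nt_status;`, plus whatever cleanup the function's other error paths perform, which is outside the hunk. The `DEBUG(5, ...)` line above still logs the server's claim unconditionally. Because that name arrives in the negTokenInit before the server has been authenticated, the message would serve someone reading the logs better if it said whether the hint was used or ignored.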