From f88b686167d3cc0c8e2c6d00f12da4b0fccc767d Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 17 Oct 2011 13:46:57 +1100
Subject: gensec: move event-using code to gensec_update() hooks out of
 gensec_start*()

This ensures that only gensec_update() will require an event context argument
when the API is refactored.

Andrew Bartlett
---
 source4/auth/gensec/gensec_krb5.c | 30 ++++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 8 deletions(-)

(limited to 'source4/auth/gensec/gensec_krb5.c')

diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index b3a20e4b63..f17245ccec 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -232,16 +232,9 @@ static NTSTATUS gensec_fake_gssapi_krb5_server_start(struct gensec_security *gen
 
 static NTSTATUS gensec_krb5_common_client_start(struct gensec_security *gensec_security, bool gssapi)
 {
+	const char *hostname;
 	struct gensec_krb5_state *gensec_krb5_state;
-	krb5_error_code ret;
 	NTSTATUS nt_status;
-	struct ccache_container *ccache_container;
-	const char *hostname;
-	const char *error_string;
-	const char *principal;
-	krb5_data in_data;
-	struct tevent_context *previous_ev;
-
 	hostname = gensec_get_target_hostname(gensec_security);
 	if (!hostname) {
 		DEBUG(1, ("Could not determine hostname for target computer, cannot use kerberos\n"));
@@ -276,8 +269,24 @@ static NTSTATUS gensec_krb5_common_client_start(struct gensec_security *gensec_s
 			gensec_krb5_state->ap_req_options |= AP_OPTS_MUTUAL_REQUIRED;
 		}
 	}
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_security, bool gssapi)
+{
+	struct gensec_krb5_state *gensec_krb5_state;
+	krb5_error_code ret;
+	struct ccache_container *ccache_container;
+	const char *error_string;
+	const char *principal;
+	const char *hostname;
+	krb5_data in_data;
+	struct tevent_context *previous_ev;
+
+	gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
 
 	principal = gensec_get_target_principal(gensec_security);
+	hostname = gensec_get_target_hostname(gensec_security);
 
 	ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security), 
 				         gensec_security->event_ctx, 
@@ -425,6 +434,11 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
 	{
 		DATA_BLOB unwrapped_out;
 		
+		nt_status = gensec_krb5_common_client_creds(gensec_security, gensec_krb5_state->gssapi);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			return nt_status;
+		}
+
 		if (gensec_krb5_state->gssapi) {
 			unwrapped_out = data_blob_talloc(out_mem_ctx, gensec_krb5_state->enc_ticket.data, gensec_krb5_state->enc_ticket.length);
 			
-- 
cgit