From: Andreas Schneider <asn@samba.org>
Date: Sat, 1 Oct 2016 09:22:58 +0000 (+0200)
Subject: auth: Add cli_credentials_ccache_reinit()
X-Git-Url: http://git.samba.org/?p=metze%2Fsamba%2Fwip.git;a=commitdiff_plain;h=ee044f376d1edfe9de8449b9120c6ad217191acc

auth: Add cli_credentials_ccache_reinit()

Signed-off-by: Andreas Schneider <asn@samba.org>
---

diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index f16c6f980856..1d5efc4759fa 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -166,6 +166,8 @@ NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred,
 bool cli_credentials_ccache_init(struct cli_credentials *cred,
 				 struct loadparm_context *lp_ctx,
 				 const char *ccache_name);
+bool cli_credentials_ccache_reinit(struct cli_credentials *cred,
+				   struct loadparm_context *lp_ctx);
 NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
 					      struct loadparm_context *lp_ctx,
 					      const char *serviceprincipal);
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index ca5fd964933b..45528a77e776 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -325,6 +325,56 @@ done:
 	return ok;
 }
 
+/**
+ * @brief Reinitialize the Kerberos credential cache
+ *
+ * If the credential cache is a memory credential cache it will be destroyed
+ * and a new clean cache will be allocated. Existing caches will just be
+ * reopened.
+ *
+ * @param[in]  cred     The credential structure
+ *
+ * @param[in]  lp_ctx   The loadparm context.
+ *
+ * @return true on success, false otherwise.
+ */
+_PUBLIC_ bool cli_credentials_ccache_reinit(struct cli_credentials *cred,
+					    struct loadparm_context *lp_ctx)
+{
+	krb5_context context;
+	krb5_error_code code;
+	char *tmp_name = NULL;
+	const char *ccache_name;
+	bool ok;
+	int cmp;
+
+	if (cred->krb5_ccache_obtained == CRED_UNINITIALISED) {
+		return false;
+	}
+	context = cred->krb5_ccache->smb_krb5_context->krb5_context;
+
+	code = krb5_cc_get_full_name(context,
+				     cred->krb5_ccache->ccache,
+				     &tmp_name);
+	if (code != 0) {
+		return false;
+	}
+
+	ccache_name = tmp_name;
+	cmp = strncasecmp_m(ccache_name, "MEMORY:", 7);
+	if (cmp == 0) {
+		ccache_name = NULL;
+	}
+
+	TALLOC_FREE(cred->krb5_ccache);
+	cred->krb5_ccache_obtained = CRED_UNINITIALISED;
+
+	ok = cli_credentials_ccache_init(cred, lp_ctx, ccache_name);
+	krb5_free_string(context, tmp_name);
+
+	return ok;
+}
+
 static int cli_credentials_set_from_ccache(struct cli_credentials *cred, 
 					   struct ccache_container *ccache,
 					   enum credentials_obtained obtained,