s4:auth/kerberos: remove one indentation level in kerberos_kinit_password_cc()

This will make the following changes easier to review.

metze

source4/auth/kerberos/kerberos.c

@@ -97,6 +97,10 @@
 	krb5_principal store_principal;
 	krb5_creds store_creds;
 	const char *self_service = target_service;
+	krb5_creds *s4u2self_creds;
+	krb5_principal self_princ;
+	krb5_ccache tmp_cc;
+	const char *self_realm;
 
 	/*
 	 * If we are not impersonating, then get this ticket for the
@@ -116,13 +120,13 @@
 
 	store_principal = init_principal;
 
-	if (impersonate_principal) {
-		krb5_ccache tmp_cc;
-		krb5_creds *s4u2self_creds;
-		krb5_principal self_princ;
-		const char *self_realm;
+	if (impersonate_principal == NULL) {
+		goto store;
+	}
 
 	/*
+	 * We are trying S4U2Self now:
+	 *
 	 * As we do not want to expose our TGT in the
 	 * krb5_ccache, which is also holds the impersonated creds.
 	 *
@@ -155,7 +159,7 @@
 	/*
 	 * For S4U2Self we need our own service principal,
 	 * which belongs to our own realm (available on
-		 * our client principal.
+	 * our client principal).
 	 */
 	self_realm = krb5_principal_get_realm(ctx, init_principal);
 
@@ -202,7 +206,8 @@
 	 * and creds instead of the TGT related stuff
 	 * in the krb5_ccache of the caller.
 	 */
-		code = krb5_copy_creds_contents(ctx, s4u2self_creds, &store_creds);
+	code = krb5_copy_creds_contents(ctx, s4u2self_creds,
+					&store_creds);
 	krb5_free_creds(ctx, s4u2self_creds);
 	if (code != 0) {
 		return code;
@@ -214,8 +219,8 @@
 	 * the S4U2Self ticket in the krb5_ccache lookup.
 	 */
 	store_principal = store_creds.client;
-	}
 
+ store:
 	code = krb5_cc_initialize(ctx, store_cc, store_principal);
 	if (code != 0) {
 		krb5_free_cred_contents(ctx, &store_creds);